
Windows Analysis Report
rpDOUhuBC5.exe

Overview

General Information

Sample name: rpDOUhuBC5.exe (renamed because the original name is a hash value)
Original sample name: 1f856d82c95fcef4439c2c9d442e44f4.exe
Analysis ID: 1581594
MD5: 1f856d82c95fcef4439c2c9d442e44f4
SHA1: cb7fabe82a409e77c3d0d422117de414c08ce485
SHA256: bc1a85c3048089f8730fe0c0c995fbede05597a6706be54c541add28cfe1d9af
Tags: exe, user-abuse_ch

Detection

Credential Flusher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • rpDOUhuBC5.exe (PID: 4196 cmdline: "C:\Users\user\Desktop\rpDOUhuBC5.exe" MD5: 1F856D82C95FCEF4439C2C9D442E44F4)
    • taskkill.exe (PID: 1476 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4512 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 6416 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 5512 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 1480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 4308 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 2228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 6552 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 4512 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 1412 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 2820 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2120 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c91e84-12cf-4f84-99b8-0a8cb701bda1} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d294e6ff10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7488 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2960 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b0b3ba-8265-4a07-8ba8-25e4102afd2f} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a7554a10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8012 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 3752 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d49b66a3-1c02-4383-b25f-759533b33a6a} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a6711910 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: rpDOUhuBC5.exe PID: 4196 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
No Sigma rule has matched
No Suricata rule has matched

    AV Detection

    Source: rpDOUhuBC5.exe | Avira: detected
    Source: rpDOUhuBC5.exe | ReversingLabs: Detection: 42%
    Source: rpDOUhuBC5.exe | Virustotal: Detection: 27% (Perma Link)
    Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.6% probability
    Source: rpDOUhuBC5.exe | Joe Sandbox ML: detected
    Source: rpDOUhuBC5.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49715 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49718 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49724 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49732 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49731 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49735 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49736 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49775 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49776 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.5:49778 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49785 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49786 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49787 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49789 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49853 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49854 version: TLS 1.2
    Source: Binary string: webauthn.pdb | source: firefox.exe, 0000000E.00000003.2154073147.000001D2B0F51000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV | source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: NapiNSP.pdbUGP | source: firefox.exe, 0000000E.00000003.2183024623.000001D2A4727000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb | source: firefox.exe, 0000000E.00000003.2183557333.000001D2A4721000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb | source: firefox.exe, 0000000E.00000003.2183024623.000001D2A4727000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb | source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL | source: firefox.exe, 0000000E.00000003.2154073147.000001D2B0F51000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP | source: firefox.exe, 0000000E.00000003.2183557333.000001D2A4721000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00B5DBBE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B2C2A2 FindFirstFileExW, 0_2_00B2C2A2
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B668EE FindFirstFileW,FindClose, 0_2_00B668EE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_00B6698F
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00B5D076
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00B5D3A9
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B69642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00B69642
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00B6979D
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B69B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00B69B2B
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B65C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00B65C97
    Source: firefox.exe | Memory has grown: Private usage: 1MB later: 226MB
    Source: unknown | Network traffic detected: DNS query count 31
    Source: Joe Sandbox View | IP Address: 151.101.1.91 151.101.1.91
    Source: Joe Sandbox View | IP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox View | IP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox View | IP Address: 34.160.144.191 34.160.144.191
    Source: Joe Sandbox View | JA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 50 times)
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6CE44 InternetReadFile,SetEvent,GetLastError,SetEvent, 0_2_00B6CE44
    Source: global traffic | HTTP traffic detected (reported 15 times): GET /canonical.html HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
    Source: global traffic | HTTP traffic detected (reported 17 times): GET /success.txt?ipv4 HTTP/1.1 Host: detectportal.firefox.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Pragma: no-cache Cache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 5*://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2330803739.000032C017603000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 5www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2239214089.000001D2B0756000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287294449.000001D2B075B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260724947.000001D2B0756000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2264429488.000001D2B1562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B1562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234975400.000001D2B1558000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2259872033.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2259872033.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2127938984.000001D2A65E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B0756000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287294449.000001D2B075B000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2259872033.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B1562000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2265636446.000001D2ACFEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240428228.000001D2ACFEB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2265636446.000001D2ACFEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240428228.000001D2ACFEB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2259872033.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2259872033.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AE0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AE0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AE0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2234975400.000001D2B1558000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B1558000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264429488.000001D2B155D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2320329254.000001D2A5824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B0756000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2330803739.000032C017603000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.2320329254.000001D2A5824000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2259872033.000001D2B156A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B1562000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2286924459.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255308726.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com- equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.2320653562.000001D2A56B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318603120.000001D2A6276000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A56F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global trafficDNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: youtube.com
    Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
    Source: global trafficDNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: spocs.getpocket.com
    Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: example.org
    Source: global trafficDNS traffic detected: DNS query: ipv4only.arpa
    Source: global trafficDNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: push.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global trafficDNS traffic detected: DNS query: support.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global trafficDNS traffic detected: DNS query: www.youtube.com
    Source: global trafficDNS traffic detected: DNS query: www.facebook.com
    Source: global trafficDNS traffic detected: DNS query: www.wikipedia.org
    Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global trafficDNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global trafficDNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global trafficDNS traffic detected: DNS query: www.reddit.com
    Source: global trafficDNS traffic detected: DNS query: twitter.com
    Source: global trafficDNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global trafficDNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global trafficDNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global trafficDNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2282007891.000001D2A4E85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.2271148623.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000E.00000003.2271148623.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000E.00000003.2271148623.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000E.00000003.2271148623.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: firefox.exe, 0000000E.00000003.2157648513.000001D2A478E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2158015379.000001D2A4790000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156927504.000001D2A477B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.2204269324.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2101311455.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323336113.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
    Source: firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
    Source: firefox.exe, 0000000E.00000003.2184869078.000001D2A477C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2184482935.000001D2A477B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2184085940.000001D2A477B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.2157648513.000001D2A478E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2158015379.000001D2A4790000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156927504.000001D2A477B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.2157648513.000001D2A478E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2158015379.000001D2A4790000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156927504.000001D2A477B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
    Source: firefox.exe, 0000000E.00000003.2234975400.000001D2B1567000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2287894167.000001D2B01A3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273050972.000001D2B01A2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261665404.000001D2A6BF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.2273050972.000001D2B01A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2320188855.000001D2A5E25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292098992.000001D2A867C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2267342183.000001D2A867C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.2264270764.000001D2B157B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.2234975400.000001D2B1567000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261665404.000001D2A6BF0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000E.00000003.2320615152.000001D2A580E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-04/schema#
    Source: firefox.exe, 0000000E.00000003.2320615152.000001D2A580E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-06/schema#
    Source: firefox.exe, 0000000E.00000003.2320615152.000001D2A580E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://json-schema.org/draft-07/schema#-
    Source: firefox.exe, 0000000E.00000003.2320615152.000001D2A580E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2216417379.000001D2A5736000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.2223313371.000001D2A427A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2102398955.000001D2A63F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2102077493.000001D2A64DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2218372817.000001D2A63C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2144813357.000001D2A63EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2102888246.000001D2A53DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275844013.000001D2A5DC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2212926625.000001D2ACB2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2218372817.000001D2A63CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249436353.000001D2A796A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245564082.000001D2A84DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201646980.000001D2A69F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197519591.000001D2A69EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199508279.000001D2A598B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268413745.000001D2A7A8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2213617078.000001D2A53F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2102220401.000001D2A53F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199134679.000001D2A59B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292840678.000001D2A7A8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2247882405.000001D2A7A8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
    Source: firefox.exe, 0000000E.00000003.2157648513.000001D2A478E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2158015379.000001D2A4790000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2156927504.000001D2A477B000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0C
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.2204269324.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2101311455.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323336113.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
    Source: firefox.exe, 0000000E.00000003.2236916409.000001D2ACC53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2236916409.000001D2ACC53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000E.00000003.2236916409.000001D2ACC53000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.2204269324.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2101311455.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323336113.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
    Source: firefox.exe, 0000000E.00000003.2204269324.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2101311455.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323336113.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
    Source: firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
    Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.2261538925.000001D2A880E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.2271148623.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000E.00000003.2275760598.000001D2A5E4C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2120043299.000001D2A7339000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281618516.000001D2A3F49000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2279459163.000001D2A5467000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2279459163.000001D2A5450000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: firefox.exe, 00000011.00000002.3309699684.000002AE6A9FD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2119923877.000002AE6A9FD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2115968438.000002AE6A9FD000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000003.2116617456.000002AE6A9FD000.00000004.00000020.00020000.00000000.sdmp, mozilla-temp-41.14.drString found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236916409.000001D2ACC53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236916409.000001D2ACC53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.2271675630.000001D2A659A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.2096734981.000001D2A4981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096338728.000001D2A491D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096467998.000001D2A493E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096594244.000001D2A4960000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096199780.000001D2A4E00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.2267342183.000001D2A866D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243568016.000001D2A866D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.2290673023.000001D2ACD17000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.2194527103.000001D2ACD58000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119329280.000001D2ACD64000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290630848.000001D2ACD71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240774170.000001D2ACD58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000E.00000003.2233046627.000001D2AD41F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2144217140.000001D2AD41F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143708108.000001D2AD428000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143403314.000001D2AD453000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2254115188.000001D2B0CD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143584968.000001D2AD455000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2144217140.000001D2AD46D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2231990095.000001D2AD454000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234057522.000001D2AD455000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2143403314.000001D2AD46D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2140760828.000001D2AD434000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2142358792.000001D2AD45C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2144217140.000001D2AD454000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000E.00000003.2281518251.000001D2A3F59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2239214089.000001D2B073D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.2286924459.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255308726.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/enhancer-for-youtube/
    Source: firefox.exe, 0000000E.00000003.2286924459.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255308726.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/facebook-container/
    Source: firefox.exe, 0000000E.00000003.2286924459.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255308726.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/reddit-enhancement-suite/
    Source: firefox.exe, 0000000E.00000003.2286924459.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255308726.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/to-google-translate/
    Source: firefox.exe, 0000000E.00000003.2286924459.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255308726.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/firefox/addon/wikipedia-context-menu-search/
    Source: firefox.exe, 0000000E.00000003.2249436353.000001D2A7976000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2314856126.000001D2A7976000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads-us.rd.linksynergy.com/as.php
    Source: firefox.exe, 0000000E.00000003.2320653562.000001D2A56B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274066714.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318603120.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A56F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A5667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.2289236223.000001D2AD121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2118546141.000001D2AD123000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.comZ
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.2236916409.000001D2ACC60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278047383.000001D2ACDF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194527103.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2242107908.000001D2ACD50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.2286578681.000001D2B0B69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194958832.000001D2ACCCF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2119720244.000001D2ACCCF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3305391527.0000016D1C7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307831024.000002D49B104000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
    Source: firefox.exe, 00000010.00000002.3305391527.0000016D1C7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307831024.000002D49B104000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
    Source: firefox.exe, 0000000E.00000003.2255308726.000001D2B0792000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146541893.000001D2A6352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146541893.000001D2A6352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146541893.000001D2A6352000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.2096734981.000001D2A4981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096338728.000001D2A491D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096467998.000001D2A493E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096594244.000001D2A4960000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096199780.000001D2A4E00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.2247882405.000001D2A7A16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000E.00000003.2319589663.000001D2A60A1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280859016.000001D2A4472000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3305391527.0000016D1C7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307831024.000002D49B104000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 00000010.00000002.3305391527.0000016D1C7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307831024.000002D49B104000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
    Source: firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290418288.000001D2ACDA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194527103.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.2212926625.000001D2ACB4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.2249436353.000001D2A7976000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239665931.000001D2B018B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273113206.000001D2B018C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000E.00000003.2212926625.000001D2ACB4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.2212926625.000001D2ACB4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.2212926625.000001D2ACB4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.2247882405.000001D2A7A16000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.2127938984.000001D2A65C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000E.00000003.2127938984.000001D2A65C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=P-
    Source: firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2204269324.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2101311455.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2206753002.000001D2A4C65000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323336113.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 0000000E.00000003.2280859016.000001D2A4447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/accounts/profile/?utm_medium=firefox-desktop&utm_source=modal&utm_campaign
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://relay.firefox.com/api/v1/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/diagnostic?site=
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&p
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=%GOOGLE_SAFEBR
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
    Source: firefox.exe, 0000000E.00000003.2281518251.000001D2A3F59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
    Source: firefox.exe, 0000000E.00000003.2096199780.000001D2A4E00000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
    Source: firefox.exe, 0000000E.00000003.2315188171.000001D2A792C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 0000000E.00000003.2240774170.000001D2ACDFC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
    Source: firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278047383.000001D2ACDF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194527103.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
    Source: firefox.exe, 0000000E.00000003.2272206233.000001D2A656E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280859016.000001D2A441D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2266264574.000001D2ACA8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AE13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
    Source: firefox.exe, 0000000E.00000003.2118546141.000001D2AD13B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289758046.000001D2ACFC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
    Source: firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290418288.000001D2ACDA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194527103.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#
    Source: firefox.exe, 0000000E.00000003.2119329280.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2290418288.000001D2ACDA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2194527103.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs#l
    Source: firefox.exe, 0000000E.00000003.2240019143.000001D2AF233000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280859016.000001D2A441D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AEF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
    Source: firefox.exe, 0000000E.00000003.2274066714.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318603120.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A56F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
    Source: firefox.exe, 0000000E.00000003.2320653562.000001D2A56B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274066714.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318603120.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A56F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A5667000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
    Source: firefox.exe, 0000000E.00000003.2274396789.000001D2A6259000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2281518251.000001D2A3F59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
    Source: firefox.exe, 0000000E.00000003.2239214089.000001D2B073D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.2315110784.000001D2A793C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2286131667.000001D2B0BA7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2238554660.000001D2B0BA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.2266116786.000001D2ACC10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.2270677491.000001D2A679B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234975400.000001D2B1558000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2253364961.000001D2B1558000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2282540025.000001D2B15E2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236979044.000001D2ACC3D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2264429488.000001D2B155D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2234494430.000001D2B15DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2260007462.000001D2B1558000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.2238554660.000001D2B0B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000E.00000003.2206222480.000001D2A85E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
    Source: firefox.exe, 0000000E.00000003.2292730370.000001D2A7AC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268413745.000001D2A7ABA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2247882405.000001D2A7ABA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: firefox.exe, 0000000E.00000003.2238554660.000001D2B0B92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
    Source: firefox.exe, 0000000E.00000003.2212926625.000001D2ACB4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.2281518251.000001D2A3F59000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
    Source: firefox.exe, 0000000E.00000003.2239214089.000001D2B073D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com/
    Source: firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000E.00000003.2316795871.000001D2A675E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2271032278.000001D2A6758000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2278271419.000001D2A6758000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.2280859016.000001D2A4447000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B89576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

    System Summary

    Source: rpDOUhuBC5.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: rpDOUhuBC5.exe, 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A3035F7 NtQuerySystemInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A773D72 NtQuerySystemInformation
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5D5EB CreateFileW,DeviceIoControl,CloseHandle
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B51201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF8060
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B62046
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B58298
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B2E4FF
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B2676B
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B84873
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B1CAA0
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AFCAF0
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B0CC39
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B26DD9
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF91C0
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B0B119
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B11394
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B11706
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B1781B
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B119B0
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF7920
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B0997D
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B17A4A
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B17CA7
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B11C77
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B29EEE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B7BE44
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B11F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A3035F7
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A773D72
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A773DB2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A77449C
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: String function: 00B0F9F2 appears 40 times
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: String function: 00B10A30 appears 46 times
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: String function: 00AF9CB3 appears 31 times
    Source: rpDOUhuBC5.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@34/34@63/12
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B637B5 GetLastError,FormatMessageW
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B510BF AdjustTokenPrivileges,CloseHandle
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1480:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:652:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1412:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6496:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2228:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: rpDOUhuBC5.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.2194463181.000001D2B0BE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236321202.000001D2B0BE4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2193232779.000001D2B1D40000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.2238554660.000001D2B0BCE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243435216.000001D2A880C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.2286631981.000001D2B0B5C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: rpDOUhuBC5.exe | ReversingLabs: Detection: 42%
    Source: rpDOUhuBC5.exe | Virustotal: Detection: 27%
    Source: unknown | Process created: C:\Users\user\Desktop\rpDOUhuBC5.exe "C:\Users\user\Desktop\rpDOUhuBC5.exe"
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Windows\System32\conhost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2120 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c91e84-12cf-4f84-99b8-0a8cb701bda1} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d294e6ff10 socket
    Source: C:\Windows\System32\conhost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2960 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b0b3ba-8265-4a07-8ba8-25e4102afd2f} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a7554a10 rdd
    Source: C:\Windows\System32\conhost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 3752 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d49b66a3-1c02-4383-b25f-759533b33a6a} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a6711910 utility
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2120 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c91e84-12cf-4f84-99b8-0a8cb701bda1} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d294e6ff10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: unknown unknown
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2960 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b0b3ba-8265-4a07-8ba8-25e4102afd2f} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a7554a10 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 3752 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d49b66a3-1c02-4383-b25f-759533b33a6a} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a6711910 utility
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Section loaded: profapi.dll
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: napinsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: pnrpnsp.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: wshbth.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: nlaapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: winrnr.dllJump to behavior
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: rpDOUhuBC5.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: rpDOUhuBC5.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: rpDOUhuBC5.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: rpDOUhuBC5.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: rpDOUhuBC5.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: rpDOUhuBC5.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: rpDOUhuBC5.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.2154073147.000001D2B0F51000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: NapiNSP.pdbUGP source: firefox.exe, 0000000E.00000003.2183024623.000001D2A4727000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.2183557333.000001D2A4721000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: NapiNSP.pdb source: firefox.exe, 0000000E.00000003.2183024623.000001D2A4727000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.2154073147.000001D2B0F51000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.2183557333.000001D2A4721000.00000004.00000020.00020000.00000000.sdmp
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: rpDOUhuBC5.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00AF42DE
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B10A76 push ecx; ret 0_2_00B10A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B0F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00B0F98E
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B81C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00B81C41
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep (graph_0-97522)
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A3035F7 rdtsc 17_2_000002AE6A3035F7
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | API coverage: 3.8 %
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe TID: 5608 | Thread sleep count: 102 > 30
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe TID: 5608 | Thread sleep count: 119 > 30
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00B5DBBE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B2C2A2 FindFirstFileExW, 0_2_00B2C2A2
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B668EE FindFirstFileW,FindClose, 0_2_00B668EE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime, 0_2_00B6698F
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00B5D076
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose, 0_2_00B5D3A9
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B69642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00B69642
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00B6979D
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B69B2B FindFirstFileW,Sleep,FindNextFileW,FindClose, 0_2_00B69B2B
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B65C97 FindFirstFileW,FindNextFileW,FindClose, 0_2_00B65C97
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00AF42DE
    Source: rpDOUhuBC5.exe, 00000000.00000003.2120390000.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000000.00000002.2123336711.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000000.00000003.2120179597.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000000.00000003.2120771954.0000000000FE3000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000000.00000003.2119951314.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW:c`
    Source: firefox.exe, 00000010.00000002.3304419825.0000016D1C200000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllP
    Source: firefox.exe, 00000012.00000002.3301821175.000002D49AA7A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWp
    Source: firefox.exe, 00000010.00000002.3304419825.0000016D1C200000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllR
    Source: firefox.exe, 00000010.00000002.3304419825.0000016D1C200000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllT
    Source: firefox.exe, 00000010.00000002.3303631103.0000016D1C186000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWG]
    Source: rpDOUhuBC5.exe, 00000000.00000003.2120390000.0000000000FE1000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000000.00000003.2120609983.0000000000FF9000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000000.00000003.2120179597.0000000000FC2000.00000004.00000020.00020000.00000000.sdmp, rpDOUhuBC5.exe, 00000000.00000003.2119951314.0000000000FBE000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303037431.000002AE69ACA000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307459898.000002D49AFC0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3308582292.0000016D1C81B000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
    Source: firefox.exe, 00000011.00000002.3308412277.000002AE6A330000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWj
    Source: firefox.exe, 00000010.00000002.3303631103.0000016D1C15A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
    Source: firefox.exe, 00000010.00000002.3304419825.0000016D1C200000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3308412277.000002AE6A330000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: firefox.exe, 00000011.00000002.3308412277.000002AE6A330000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll$
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process information queried: ProcessInformation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 17_2_000002AE6A3035F7 rdtsc 17_2_000002AE6A3035F7
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B6EAA2 BlockInput, 0_2_00B6EAA2
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B22622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00B22622
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00AF42DE
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B14CE8 mov eax, dword ptr fs:[00000030h] 0_2_00B14CE8
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B50B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00B50B62
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Windows\SysWOW64\taskkill.exe | Process token adjusted: Debug
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B22622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00B22622
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B1083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00B1083F
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B109D5 SetUnhandledExceptionFilter, 0_2_00B109D5
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B10C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00B10C21
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B51201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00B51201
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B32BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00B32BA5
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B5B226 SendInput,keybd_event, 0_2_00B5B226
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event, 0_2_00B722DA
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\System32\conhost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "c:\program files\mozilla firefox\firefox.exe" -contentproc --channel=2184 -parentbuildid 20230927232528 -prefshandle 2128 -prefmaphandle 2120 -prefslen 25308 -prefmapsize 237879 -win32klockeddown -appdir "c:\program files\mozilla firefox\browser" - {69c91e84-12cf-4f84-99b8-0a8cb701bda1} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d294e6ff10 socket
    Source: C:\Windows\System32\conhost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "c:\program files\mozilla firefox\firefox.exe" -contentproc --channel=4140 -parentbuildid 20230927232528 -prefshandle 2208 -prefmaphandle 2960 -prefslen 26338 -prefmapsize 237879 -appdir "c:\program files\mozilla firefox\browser" - {97b0b3ba-8265-4a07-8ba8-25e4102afd2f} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a7554a10 rdd
    Source: C:\Windows\System32\conhost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "c:\program files\mozilla firefox\firefox.exe" -contentproc --channel=3304 -parentbuildid 20230927232528 -sandboxingkind 0 -prefshandle 5072 -prefmaphandle 3752 -prefslen 33119 -prefmapsize 237879 -win32klockeddown -appdir "c:\program files\mozilla firefox\browser" - {d49b66a3-1c02-4383-b25f-759533b33a6a} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a6711910 utility
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B50B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree, 0_2_00B50B62
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B51663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_00B51663
    Source: rpDOUhuBC5.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: rpDOUhuBC5.exe | Binary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B10698 cpuid 0_2_00B10698
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B4D21C GetLocalTime, 0_2_00B4D21C
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B4D27A GetUserNameW, 0_2_00B4D27A
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B2B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free, 0_2_00B2B952
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00AF42DE

    Stealing of Sensitive Information

    Source: Yara match | File source: Process Memory Space: rpDOUhuBC5.exe PID: 4196, type: MEMORYSTR
    Source: rpDOUhuBC5.exe | Binary or memory string: WIN_81
    Source: rpDOUhuBC5.exe | Binary or memory string: WIN_XP
    Source: rpDOUhuBC5.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
    Source: rpDOUhuBC5.exe | Binary or memory string: WIN_XPe
    Source: rpDOUhuBC5.exe | Binary or memory string: WIN_VISTA
    Source: rpDOUhuBC5.exe | Binary or memory string: WIN_7
    Source: rpDOUhuBC5.exe | Binary or memory string: WIN_8

    Remote Access Functionality

    Source: Yara match | File source: Process Memory Space: rpDOUhuBC5.exe PID: 4196, type: MEMORYSTR
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B71204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_00B71204
    Source: C:\Users\user\Desktop\rpDOUhuBC5.exe | Code function: 0_2_00B71806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00B71806
    MITRE ATT&CK Matrix (one line per tactic column; the numbers are those shown before a technique in the report)

    Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
    Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
    Initial Access: 2 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
    Execution: 1 Windows Management Instrumentation; 1 Native API; 1 Command and Scripting Interpreter; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
    Persistence: 1 DLL Side-Loading; 2 Valid Accounts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
    Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 2 Valid Accounts; 21 Access Token Manipulation; 2 Process Injection; Startup Items; Scheduled Task/Job; At; Cron
    Defense Evasion: 2 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Extra Window Memory Injection; 1 Masquerading; 2 Valid Accounts; 11 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 2 Process Injection
    Credential Access: 21 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
    Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 16 System Information Discovery; 131 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 3 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; Network Service Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
    Collection: 1 Archive Collected Data; 21 Input Capture; 3 Clipboard Data; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
    Command and Control: 2 Ingress Tool Transfer; 12 Encrypted Channel; 2 Non-Application Layer Protocol; 3 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
    Impact: 1 System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
Behavior Graph ID: 1581594 | Sample: rpDOUhuBC5.exe | Start date: 28/12/2024 | Architecture: WINDOWS | Score: 80

Analysis root (graph node 2)
  DNS/IP: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains
  Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures

Process tree (graph node numbers in parentheses; the numbers after a process name are the graph's created-files / created-registry-values counters):

  rpDOUhuBC5.exe (8) started
    Signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
    taskkill.exe 1 (13) started
      conhost.exe (25) started
    taskkill.exe 1 (15) started
      conhost.exe (27) started
    taskkill.exe 1 (17) started
      conhost.exe (29) started
    3 other processes (23)
      conhost.exe (37) started
      conhost.exe (39) started

  firefox.exe 1 (11) started
    firefox.exe 3 215 (19) started
      DNS/IP: youtube-ui.l.google.com 142.250.181.78, 443, 49711, 49712, GOOGLEUS United States; prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82, 49713, 49719, 49721, GOOGLEUS United States; 10 other IPs or domains
      Dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+); C:\Users\user\...\gmpopenh264.dll (copy) (PE32+)
      firefox.exe 1 (31) started
      firefox.exe 1 (33) started
      firefox.exe 1 (35) started
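The graph shows the shape a Credential Flusher leaves in process telemetry: an AutoIt-compiled binary running from a user directory spawns taskkill.exe three times, and Firefox is running afterwards (as a top-level node, so the graph does not attribute the browser launch to the sample). The following Python is an added example, not part of the Joe Sandbox report or of any Joe Sandbox tooling; it flags that shape in Sysmon-style process-creation events. The event format, timestamps and taskkill command lines are constructed for the example, since the report does not show the sample's actual arguments; the browser image list, the user-path test and the 60-second relaunch window are assumptions to tune.

```python
"""Added example: flag the "kill the browsers, then a browser comes back" shape.

Input is a list of process-creation events in a Sysmon-like dict form:
{"ts": ISO-8601, "pid": int, "ppid": int, "image": full path, "cmd": command line}.
The sample events at the bottom are constructed for this example; the report shows
only process names and parent/child edges, not taskkill's arguments or timestamps.
"""
import ntpath
from collections import defaultdict
from datetime import datetime, timedelta

BROWSER_IMAGES = {"firefox.exe", "chrome.exe", "msedge.exe", "brave.exe", "opera.exe"}
USER_PATH_MARKERS = ("\\users\\",)     # crude test for "runs from a user-writable location" (assumption)
MIN_KILLS = 2                          # the graph above shows three taskkill.exe children
RELAUNCH_WINDOW = timedelta(seconds=60)  # assumption: browser must start this soon after the last kill


def _image(path):
    return ntpath.basename(path).lower()


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def _browsers_named(cmdline):
    """Browser image names mentioned anywhere in a taskkill command line."""
    low = cmdline.lower()
    return {b for b in BROWSER_IMAGES if b in low}


def find_credential_flusher_chains(events, min_kills=MIN_KILLS, window=RELAUNCH_WINDOW):
    """Return one finding per parent that killed browsers and saw a browser start afterwards.

    The relaunch is correlated by time on the host, not by parent pid: in the graph
    above firefox.exe is a top-level node, not a child of the AutoIt binary.
    """
    events = sorted(events, key=_ts)
    by_pid = {e["pid"]: e for e in events}
    kills = defaultdict(list)            # parent pid -> taskkill events that name a browser
    for e in events:
        if _image(e["image"]) == "taskkill.exe" and _browsers_named(e["cmd"]):
            kills[e["ppid"]].append(e)
    browser_starts = [e for e in events if _image(e["image"]) in BROWSER_IMAGES]

    findings = []
    for ppid, ks in kills.items():
        if len(ks) < min_kills:
            continue
        parent = by_pid.get(ppid)
        if parent is None:
            continue
        if not any(m in parent["image"].lower() for m in USER_PATH_MARKERS):
            continue                     # taskkill under a system-path parent is ordinary admin noise
        last_kill = _ts(ks[-1])
        relaunch = [b for b in browser_starts if last_kill <= _ts(b) <= last_kill + window]
        if not relaunch:
            continue
        findings.append({
            "parent_pid": ppid,
            "parent_image": parent["image"],
            "kills": len(ks),
            "killed_targets": sorted(set().union(*(_browsers_named(k["cmd"]) for k in ks))),
            "relaunched": sorted({_image(b["image"]) for b in relaunch}),
            "relaunch_is_child_of_parent": any(b["ppid"] == ppid for b in relaunch),
        })
    return findings


# Constructed events mirroring the graph above (pids reuse the graph's node numbers;
# ppid 0 stands for "not attributed to the sample"). Command lines are illustrative only.
SAMPLE_EVENTS = [
    {"ts": "2024-12-28T10:00:00", "pid": 8,  "ppid": 0,  "image": r"C:\Users\user\Desktop\rpDOUhuBC5.exe", "cmd": r'"C:\Users\user\Desktop\rpDOUhuBC5.exe"'},
    {"ts": "2024-12-28T10:00:01", "pid": 13, "ppid": 8,  "image": r"C:\Windows\System32\taskkill.exe", "cmd": "taskkill /F /IM firefox.exe"},
    {"ts": "2024-12-28T10:00:01", "pid": 25, "ppid": 13, "image": r"C:\Windows\System32\conhost.exe", "cmd": r"\??\C:\Windows\system32\conhost.exe 0x4"},
    {"ts": "2024-12-28T10:00:02", "pid": 15, "ppid": 8,  "image": r"C:\Windows\System32\taskkill.exe", "cmd": "taskkill /F /IM chrome.exe"},
    {"ts": "2024-12-28T10:00:03", "pid": 17, "ppid": 8,  "image": r"C:\Windows\System32\taskkill.exe", "cmd": "taskkill /F /IM msedge.exe"},
    {"ts": "2024-12-28T10:00:05", "pid": 11, "ppid": 0,  "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "cmd": r'"C:\Program Files\Mozilla Firefox\firefox.exe"'},
    {"ts": "2024-12-28T10:00:06", "pid": 19, "ppid": 11, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "cmd": r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc'},
    # Benign admin activity that must not fire: taskkill under a system-path parent, non-browser target.
    {"ts": "2024-12-28T10:00:07", "pid": 40, "ppid": 0,  "image": r"C:\Windows\System32\cmd.exe", "cmd": "cmd.exe"},
    {"ts": "2024-12-28T10:00:08", "pid": 41, "ppid": 40, "image": r"C:\Windows\System32\taskkill.exe", "cmd": "taskkill /F /IM notepad.exe"},
]

if __name__ == "__main__":
    for finding in find_credential_flusher_chains(SAMPLE_EVENTS):
        print(finding)
```

On the constructed input this yields a single finding for pid 8 with three kills and a Firefox relaunch that is not a child of the sample, which is exactly why the correlation is done by time window rather than by parent pid: a rule that only walks the tree under rpDOUhuBC5.exe would miss the browser start this graph shows. The user-path test and the browser-name filter on the taskkill command line are the two knobs that keep help-desk scripts out of the results; widen BROWSER_IMAGES for the browsers in your estate.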

Submitted sample
Source | Detection | Scanner | Label | Link
rpDOUhuBC5.exe | 42% | ReversingLabs | Win32.Trojan.Amadey |
rpDOUhuBC5.exe | 28% | Virustotal | | Browse
rpDOUhuBC5.exe | 100% | Avira | TR/ATRAPS.Gen |
rpDOUhuBC5.exe | 100% | Joe Sandbox ML | |

Dropped files
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | Virustotal | | Browse
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
Domains (the Antivirus Detection column is empty for every row)
Name | IP | Active | Malicious | Reputation
example.org | 93.184.215.14 | true | false | high
star-mini.c10r.facebook.com | 157.240.196.35 | true | false | high
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | high
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | high
twitter.com | 104.244.42.129 | true | false | high
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | high
services.addons.mozilla.org | 151.101.1.91 | true | false | high
dyna.wikimedia.org | 185.15.58.224 | true | false | high
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | high
contile.services.mozilla.com | 34.117.188.166 | true | false | high
youtube.com | 142.250.181.78 | true | false | high
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | high
youtube-ui.l.google.com | 142.250.181.78 | true | false | high
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | high
reddit.map.fastly.net | 151.101.193.140 | true | false | high
ipv4only.arpa | 192.0.0.171 | true | false | high
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | high
push.services.mozilla.com | 34.107.243.93 | true | false | high
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | high
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | high
www.reddit.com | unknown | unknown | false | high
spocs.getpocket.com | unknown | unknown | false | high
content-signature-2.cdn.mozilla.net | unknown | unknown | false | high
support.mozilla.org | unknown | unknown | false | high
firefox.settings.services.mozilla.com | unknown | unknown | false | high
www.youtube.com | unknown | unknown | false | high
www.facebook.com | unknown | unknown | false | high
detectportal.firefox.com | unknown | unknown | false | high
normandy.cdn.mozilla.net | unknown | unknown | false | high
shavar.services.mozilla.com | unknown | unknown | false | high
www.wikipedia.org | unknown | unknown | false | high
URLs (URLs longer than 100 characters are truncated as in the report; the Antivirus Detection column is empty for every row)
Name | Source | Malicious | Reputation
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 0000000E.00000003.2280859016.000001D2A441D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AEC4000.00000004.00000800.00020000.00000000.sdmp | false | high
http://detectportal.firefox.com/ | firefox.exe, 0000000E.00000003.2273050972.000001D2B01A2000.00000004.00000800.00020000.00000000.sdmp | false | high
http://crl.microsoft | firefox.exe, 0000000E.00000003.2184869078.000001D2A477C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2184482935.000001D2A477B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2184085940.000001D2A477B000.00000004.00000020.00020000.00000000.sdmp | false | high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.2249436353.000001D2A7976000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239665931.000001D2B018B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2273113206.000001D2B018C000.00000004.00000800.00020000.00000000.sdmp | false | high
http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr | false | high
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000E.00000003.2212926625.000001D2ACB4C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743. | firefox.exe, 00000010.00000002.3305391527.0000016D1C7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307831024.000002D49B104000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.dr | false | high
https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000010.00000002.3305391527.0000016D1C772000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AE8F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://json-schema.org/draft/2019-09/schema. | firefox.exe, 0000000E.00000003.2320615152.000001D2A580E000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.2289236223.000001D2AD121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2118546141.000001D2AD123000.00000004.00000800.00020000.00000000.sdmp | false | high
https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.2118546141.000001D2AD13B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289758046.000001D2ACFC7000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.amazon.com/exec/obidos/external-search/?field-keywords=&ie=UTF-8&mode=blended&tag=mozill | firefox.exe, 0000000E.00000003.2250899614.000001D2A6BDE000.00000004.00000800.00020000.00000000.sdmp | false | high
https://screenshots.firefox.com | firefox.exe, 0000000E.00000003.2281518251.000001D2A3F59000.00000004.00000800.00020000.00000000.sdmp | false | high
https://shavar.services.mozilla.com | firefox.exe, 0000000E.00000003.2315188171.000001D2A792C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.2096734981.000001D2A4981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096338728.000001D2A491D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096467998.000001D2A493E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096594244.000001D2A4960000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096199780.000001D2A4E00000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.2320653562.000001D2A56B4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2274066714.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318603120.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A56F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A5667000.00000004.00000800.00020000.00000000.sdmp | false | high
https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 0000000E.00000003.2286729121.000001D2B0B45000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://monitor.firefox.com/breach-details/ | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://xhr.spec.whatwg.org/#sync-warning | firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.amazon.com/exec/obidos/external-search/ | firefox.exe, 0000000E.00000003.2096734981.000001D2A4981000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2198611492.000001D2A6942000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096338728.000001D2A491D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096467998.000001D2A493E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2270375042.000001D2A67C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096594244.000001D2A4960000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096199780.000001D2A4E00000.00000004.00000800.00020000.00000000.sdmp | false | high
https://profiler.firefox.com/ | firefox.exe, 0000000E.00000003.2281518251.000001D2A3F59000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.msn.com | firefox.exe, 0000000E.00000003.2267342183.000001D2A866D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243568016.000001D2A866D000.00000004.00000800.00020000.00000000.sdmp | false | high
https://github.com/mozilla-services/screenshots | firefox.exe, 0000000E.00000003.2096338728.000001D2A491D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096467998.000001D2A493E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096594244.000001D2A4960000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2096199780.000001D2A4E00000.00000004.00000800.00020000.00000000.sdmp | false | high
https://services.addons.mozilla.org/api/v4/addons/addon/ | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://tracking-protection-issues.herokuapp.com/new | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://youtube.com/ | firefox.exe, 0000000E.00000003.2266264574.000001D2ACA8E000.00000004.00000800.00020000.00000000.sdmp | false | high
https://json-schema.org/draft/2020-12/schema/= | firefox.exe, 0000000E.00000003.2320615152.000001D2A580E000.00000004.00000800.00020000.00000000.sdmp | false | high
https://youtube.com/account?=https://accounts.google.co-jU | firefox.exe, 00000010.00000002.3304918177.0000016D1C6F0000.00000004.00000020.00020000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://api.accounts.firefox.com/v1 | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://ok.ru/ | firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.amazon.com/ | firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp | false | high
https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/ | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://fpn.firefox.com | firefox.exe, 0000000E.00000003.2281289701.000001D2A3FDA000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
http://ocsp.rootca1.amazontrust.com0: | firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp | false | high
http://win.mail.ru/cgi-bin/sentmsg?mailto=%s | firefox.exe, 0000000E.00000003.2204269324.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2101311455.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2323336113.000001D2A4DDE000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.youtube.com/ | firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D0A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AE0C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://bugzilla.mozilla.org/show_bug.cgi?id=1283601 | firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp | false | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
                                                                                                                                                                high
                                                                                                                                                                https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.2271675630.000001D2A659A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.2289236223.000001D2AD121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2118546141.000001D2AD123000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://addons.mozilla.org/firefox/addon/to-google-translate/firefox.exe, 0000000E.00000003.2286924459.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255308726.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2239214089.000001D2B07DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000E.00000003.2240774170.000001D2ACD86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DC6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AEC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://127.0.0.1:firefox.exe, 0000000E.00000003.2282007891.000001D2A4E85000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://bugzilla.mofirefox.exe, 0000000E.00000003.2255308726.000001D2B0792000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://amazon.comfirefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.2274066714.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2318603120.000001D2A628B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2320653562.000001D2A56F7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLfirefox.exe, 0000000E.00000003.2238554660.000001D2B0B92000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000010.00000002.3305391527.0000016D1C7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307831024.000002D49B104000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000010.00000002.3305391527.0000016D1C7C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69DE9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3307831024.000002D49B104000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.2272206233.000001D2A656E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2280859016.000001D2A441D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2266264574.000001D2ACA8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000011.00000002.3303792024.000002AE69D12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3304362303.000002D49AE13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://www.iqiyi.com/firefox.exe, 0000000E.00000003.2289236223.000001D2AD121000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2118546141.000001D2AD123000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://youtube.com/account?=https://accounts.google.cofirefox.exe, 00000012.00000002.3307093475.000002D49AFB0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
                                                                                                                                                                                                            https://www.amazon.com/Zfirefox.exe, 0000000E.00000003.2330918130.00001F81CC804000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              high
                                                                                                                                                                                                              https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                high
                                                                                                                                                                                                                https://addons.mozilla.org/firefox.exe, 0000000E.00000003.2239214089.000001D2B073D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  high
                                                                                                                                                                                                                  http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.2271148623.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    high
                                                                                                                                                                                                                    https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYiprefs-1.js.14.drfalse
                                                                                                                                                                                                                      high
                                                                                                                                                                                                                      https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                        high
                                                                                                                                                                                                                        http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          high
                                                                                                                                                                                                                          https://monitor.firefox.com/user/dashboardfirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              https://monitor.firefox.com/aboutfirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://mozilla.org/MPL/2.0/.firefox.exe, 0000000E.00000003.2223313371.000001D2A427A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2102398955.000001D2A63F0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2102077493.000001D2A64DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2218372817.000001D2A63C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2144813357.000001D2A63EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2102888246.000001D2A53DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2275844013.000001D2A5DC3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2212926625.000001D2ACB2A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2218372817.000001D2A63CF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249436353.000001D2A796A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2245564082.000001D2A84DA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2201646980.000001D2A69F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2197519591.000001D2A69EF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199508279.000001D2A598B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268413745.000001D2A7A8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2213617078.000001D2A53F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
0000000E.00000003.2102220401.000001D2A53F9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2199134679.000001D2A59B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2292840678.000001D2A7A8A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2247882405.000001D2A7A8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  https://account.bellmedia.cfirefox.exe, 0000000E.00000003.2267342183.000001D2A866D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243568016.000001D2A866D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    https://login.microsoftonline.comfirefox.exe, 0000000E.00000003.2267342183.000001D2A866D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2243568016.000001D2A866D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      https://coverage.mozilla.orgfirefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse
                                                                                                                                                                                                                                          high
https://www.zhihu.com/ | firefox.exe, 0000000E.00000003.2280167388.000001D2A44F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2269559614.000001D2A74DB000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.c.lencr.org/0 | firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236916409.000001D2ACC53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.i.lencr.org/0 | firefox.exe, 0000000E.00000003.2120236060.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236916409.000001D2ACC53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2249741717.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2316075375.000001D2A7098000.00000004.00000800.00020000.00000000.sdmp | false | high
http://a9.com/-/spec/opensearch/1.1/ | firefox.exe, 0000000E.00000003.2271148623.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2127938984.000001D2A65D7000.00000004.00000800.00020000.00000000.sdmp | false | high
https://infra.spec.whatwg.org/#ascii-whitespace | firefox.exe, 0000000E.00000003.2212926625.000001D2ACB4C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://blocked.cdn.mozilla.net/ | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored | firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmp | false | high
https://json-schema.org/draft/2019-09/schema | firefox.exe, 0000000E.00000003.2265636446.000001D2ACFEC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2240428228.000001D2ACFEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2289613670.000001D2ACFF0000.00000004.00000800.00020000.00000000.sdmp | false | high
http://developer.mozilla.org/en/docs/DOM:element.addEventListener | firefox.exe, 0000000E.00000003.2273241985.000001D2ACCA1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2255880372.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2236390343.000001D2ACC96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2242482093.000001D2ACC9B000.00000004.00000800.00020000.00000000.sdmp | false | high
https://duckduckgo.com/?t=ffab&q= | firefox.exe, 0000000E.00000003.2127938984.000001D2A65C4000.00000004.00000800.00020000.00000000.sdmp | false | high
https://profiler.firefox.com | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://outlook.live.com/default.aspx?rru=compose&to=%s | firefox.exe, 0000000E.00000003.2281289701.000001D2A3FC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2206753002.000001D2A4C65000.00000004.00000800.00020000.00000000.sdmp | false | high
https://identity.mozilla.com/apps/relay | firefox.exe, 0000000E.00000003.2256489555.000001D2A67D3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2261936342.000001D2A67D7000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mozilla.cloudflare-dns.com/dns-query | firefox.exe, 00000010.00000002.3304223197.0000016D1C1B0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000011.00000002.3307330049.000002AE6A280000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3303920793.000002D49AC80000.00000002.10000000.00040000.00000000.sdmp | false | high
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2 | firefox.exe, 0000000E.00000003.2292730370.000001D2A7AC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2268413745.000001D2A7ABA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2247882405.000001D2A7ABA000.00000004.00000800.00020000.00000000.sdmp | false | high
https://bugzilla.mozilla.org/show_bug.cgi?id=1678448 | firefox.exe, 0000000E.00000003.2145949930.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146469901.000001D2A633E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.2146541893.000001D2A6352000.00000004.00000800.00020000.00000000.sdmp | false | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
142.250.181.78 | youtube.com | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | 15169 | GOOGLEUS | false

IP
127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1581594
Start date and time: 2024-12-28 09:38:37 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 59s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 21
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: rpDOUhuBC5.exe (renamed because the original name is a hash value)
Original Sample Name: 1f856d82c95fcef4439c2c9d442e44f4.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/34@63/12
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 49
• Number of non-executed functions: 294
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 23.218.208.109, 54.148.175.110, 44.232.159.99, 52.40.120.141, 172.217.17.74, 172.217.17.46, 88.221.134.155, 88.221.134.209, 4.245.163.56, 13.107.246.63
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, ocsp.digicert.com, redirector.gvt1.com, e16604.g.akamaiedge.net, safebrowsing.googleapis.com, prod.fs.microsoft.com.akadns.net, location.services.mozilla.com
                                                                                                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time      Type             Description
03:39:38  API Interceptor  1x Sleep call for process firefox.exe modified
Contacted IPs seen in other analyses (Match; then Associated Sample Name / URL | Detection | Threat Name):

34.117.188.166
• ReJIL-_Document_No._2500015903.msg | malicious | Unknown
• cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine
• NetFxRepairTools.msi | malicious | Quasar
• nM0h824cc3.exe | malicious | Credential Flusher
• nM0h824cc3.exe | malicious | Credential Flusher
• gTU8ed4669.exe | malicious | Credential Flusher
• gTU8ed4669.exe | malicious | Credential Flusher
• file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT
• file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
• ghostspider.7z | malicious | Unknown

151.101.1.91
• grand-theft-auto-5-theme-1-installer_qb8W-j1.exe | malicious | Unknown
• gTU8ed4669.exe | malicious | Credential Flusher
• gTU8ed4669.exe | malicious | Credential Flusher
• do.ps1 | malicious | Unknown
• P0HV8mjHS1.exe | malicious | Credential Flusher
• mdPov8VTwi.exe | malicious | Credential Flusher
• nmy4mJXEaz.exe | malicious | Credential Flusher
• file.exe | malicious | Credential Flusher
• file.exe | malicious | Credential Flusher
• file.exe | malicious | Credential Flusher

34.149.100.209
• https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d | malicious | HTMLPhisher
• ReJIL-_Document_No._2500015903.msg | malicious | Unknown
• cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine
• NetFxRepairTools.msi | malicious | Quasar
• nM0h824cc3.exe | malicious | Credential Flusher
• nM0h824cc3.exe | malicious | Credential Flusher
• gTU8ed4669.exe | malicious | Credential Flusher
• gTU8ed4669.exe | malicious | Credential Flusher
• ghostspider.7z | malicious | Unknown
• http://112.31.189.32:40158 | malicious | Mirai

34.160.144.191
• https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d | malicious | HTMLPhisher
• ReJIL-_Document_No._2500015903.msg | malicious | Unknown
• cMTqzvmx9u.exe | malicious | LummaC, Amadey, LummaC Stealer, RedLine
• NetFxRepairTools.msi | malicious | Quasar
• nM0h824cc3.exe | malicious | Credential Flusher
• nM0h824cc3.exe | malicious | Credential Flusher
• gTU8ed4669.exe | malicious | Credential Flusher
• gTU8ed4669.exe | malicious | Credential Flusher
• file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar
• ghostspider.7z | malicious | Unknown
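The correlation table above ties each contacted IP to every other analysis that touched it, and the same address (34.117.188.166, for instance) shows up under LummaC, Quasar, Credential Flusher, Mirai and plain "Unknown" samples alike. An address that many unrelated families contact is shared hosting or CDN infrastructure and is a poor pivot for attribution or blocking; an address that only one family contacts is worth much more. The script below is an added example, not part of the Joe Sandbox report: it pivots rows shaped like the table's (indicator, sample, threat-name string) and rates each indicator by how many distinct families are attached to it. The rows are a constructed subset copied from the table above, and the `max_families` threshold is an assumption chosen for illustration.

```python
from collections import defaultdict

# Constructed rows mirroring a subset of the "Contacted IPs" correlation table:
# (indicator, associated sample or URL, threat name string as labelled by the sandbox).
ROWS = [
    ("34.117.188.166", "cMTqzvmx9u.exe", "LummaC, Amadey, LummaC Stealer, RedLine"),
    ("34.117.188.166", "NetFxRepairTools.msi", "Quasar"),
    ("34.117.188.166", "nM0h824cc3.exe", "Credential Flusher"),
    ("34.117.188.166", "ghostspider.7z", "Unknown"),
    ("151.101.1.91", "P0HV8mjHS1.exe", "Credential Flusher"),
    ("151.101.1.91", "mdPov8VTwi.exe", "Credential Flusher"),
    ("151.101.1.91", "nmy4mJXEaz.exe", "Credential Flusher"),
    ("151.101.1.91", "do.ps1", "Unknown"),
    ("34.149.100.209", "http://112.31.189.32:40158", "Mirai"),
    ("34.149.100.209", "NetFxRepairTools.msi", "Quasar"),
    ("34.149.100.209", "cMTqzvmx9u.exe", "LummaC, Amadey, LummaC Stealer, RedLine"),
    ("34.149.100.209", "nM0h824cc3.exe", "Credential Flusher"),
]


def split_families(threat_name):
    """Turn the sandbox's comma-separated threat string into a set of family names.

    'Unknown' carries no family information, so it contributes nothing.
    """
    return {f.strip() for f in threat_name.split(",") if f.strip() and f.strip() != "Unknown"}


def pivot_indicators(rows):
    """Group rows by indicator, collecting the distinct samples and families per indicator."""
    per = defaultdict(lambda: {"samples": set(), "families": set()})
    for indicator, sample, threat in rows:
        per[indicator]["samples"].add(sample)
        per[indicator]["families"] |= split_families(threat)
    return per


def specificity(rows, max_families=2):
    """Rate each indicator: shared infrastructure vs. family-specific.

    max_families is an illustrative threshold (assumption): an indicator tied to more
    distinct families than this is treated as shared hosting/CDN rather than C2.
    Returns {indicator: (verdict, sorted families, number of distinct samples)}.
    """
    result = {}
    for indicator, data in pivot_indicators(rows).items():
        families = data["families"]
        if len(families) > max_families:
            verdict = "shared-infrastructure"
        elif families:
            verdict = "family-specific"
        else:
            verdict = "insufficient-data"
        result[indicator] = (verdict, sorted(families), len(data["samples"]))
    return result


def indicators_for_family(rows, family, max_families=2):
    """Indicators rated family-specific whose only family is the one asked for."""
    return sorted(
        ind for ind, (verdict, fams, _) in specificity(rows, max_families).items()
        if verdict == "family-specific" and fams == [family]
    )


if __name__ == "__main__":
    for indicator, (verdict, families, n) in specificity(ROWS).items():
        print(f"{indicator:16} {verdict:22} samples={n} families={families}")
    print("Credential Flusher-only:", indicators_for_family(ROWS, "Credential Flusher"))
```

Treat the verdict as a triage hint, not a conclusion: confirm an indicator's owner with whois/ASN data before acting on it, and remember that a family-specific address in a sandbox corpus can simply mean the corpus has not yet seen anything else use it.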
Contacted domains seen in other analyses (Match; then Associated Sample Name / URL | Detection | Threat Name | Context: resolved IP):

example.org
• ReJIL-_Document_No._2500015903.msg | malicious | Unknown | 93.184.215.14
• NetFxRepairTools.msi | malicious | Quasar | 93.184.215.14
• nM0h824cc3.exe | malicious | Credential Flusher | 93.184.215.14
• nM0h824cc3.exe | malicious | Credential Flusher | 93.184.215.14
• gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
• gTU8ed4669.exe | malicious | Credential Flusher | 93.184.215.14
• ghostspider.7z | malicious | Unknown | 93.184.215.14
• file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
• file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 93.184.215.14
• file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig | 93.184.215.14

star-mini.c10r.facebook.com
• https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d | malicious | HTMLPhisher | 157.240.252.35
• http://vanessa.nilsson@dmava.nj.gov | malicious | Unknown | 157.240.196.35
• ReJIL-_Document_No._2500015903.msg | malicious | Unknown | 157.240.195.35
• https://fsharetv.co/ | malicious | Unknown | 157.240.195.35
• http://plnbl.io/review/FSUQBEfTfzwH | malicious | Unknown | 157.240.195.35
• https://liladelman.com/rental/1218-west-side-road-block-island/ | malicious | Unknown | 157.240.195.35
                                                                                                                                                                                                                                                                                                                                                          NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                          nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                          nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                          gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 157.240.196.35
                                                                                                                                                                                                                                                                                                                                                          twitter.comhttps://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 104.244.42.193
                                                                                                                                                                                                                                                                                                                                                          ReJIL-_Document_No._2500015903.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                          NetFxRepairTools.msiGet hashmaliciousQuasarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 104.244.42.65
                                                                                                                                                                                                                                                                                                                                                          nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                          nM0h824cc3.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                          gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                          gTU8ed4669.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 104.244.42.129
                                                                                                                                                                                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                                                                                                          FASTLYUShttps://www.dropbox.com/scl/fi/lncgsm76k7l5ix7fuu5t6/2024-OK-House-Outreach.pdf?rlkey=o4qr50zpdw1z14o6ikdg6zjt8&st=lrloyzlo&dl=0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.1.229
                                                                                                                                                                                                                                                                                                                                                          http://track.rbfcu.org/y.z?l=https://google.com/amp/s/t.ly/5SpZS&r=14387614172&d=18473&p=2&t=hGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.66.137
                                                                                                                                                                                                                                                                                                                                                          http://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=N_pyUL0QJkeR_KiXHZsVlyTB1Qoy7S9IkE8Ogzl8coFUMFBJSDkxQ0w3VVZMNFJFUlNDRVkyU05CUi4uGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.194.137
                                                                                                                                                                                                                                                                                                                                                          Electrum-bch-4.4.2-x86_64.AppImage.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.111.133
                                                                                                                                                                                                                                                                                                                                                          w22319us3M.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRATBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.109.133
                                                                                                                                                                                                                                                                                                                                                          OiMp3TH.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.108.133
                                                                                                                                                                                                                                                                                                                                                          https://dnsextension.pro/invoice/d2d0bf8701b34bc296ca83b956c10720Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.129.229
                                                                                                                                                                                                                                                                                                                                                          grand-theft-auto-5-theme-1-installer_qb8W-j1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 151.101.2.133
                                                                                                                                                                                                                                                                                                                                                          5uVReRlvME.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Remcos, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.110.133
                                                                                                                                                                                                                                                                                                                                                          DRWgoZo325.exeGet hashmaliciousLummaC, Amadey, AsyncRAT, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                                                                                          • 185.199.111.133
                                                                                                                                                                                                                                                                                                                                                          GOOGLE-AS-APGoogleAsiaPacificPteLtdSGhttps://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3dGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.121.53
                                                                                                                                                                                                                                                                                                                                                          ReJIL-_Document_No._2500015903.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                          Canvas of Kings_N6xC-S2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                          Canvas of Kings_N6xC-S2.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                          cMTqzvmx9u.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, RedLineBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                                          https://property-management-portal.replit.app/%2520%2522https:/property-management-portal.replit.app/%2522Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.33.233
                                                                                                                                                                                                                                                                                                                                                          Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                          Violated Heroine_91zbZ-1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.223.223
                                                                                                                                                                                                                                                                                                                                                          https://email.equifaxbreachsettlement.com/c/eJwczbFugzAQANCvsccIzoaYwQMNWE1VEQoM2SxzPgRSCJS4pfn7qt2f9Lx2FDunOOn4KGQWZUopPmqCAb0Uie8hxR6VP6bocQBKMO4TJfikIQIZAwAIkFIdhB9SzAQJJdOk90cmI_r8mgb302_kcHxQCDea6R4OuMz8pscQ1gcTOQPDwOz7fpif60armzzSPdD25xiYjTzRzIQhXDwxUZzeTHN9iV5l137wTXdV-d5eKgXAZPR047L8B0GX5mrr5mKbvMtt3ZR1fi7sKW8KW5zbzrZlVfBvDb8BAAD__6sTT70Get hashmaliciousHtmlDropperBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.67.241.53
                                                                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                                                                                                                                                                                          ATGS-MMD-ASUShttps://haleborealis.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                          • 34.160.81.203
https://greensofttech1-my.sharepoint.com/:f:/g/personal/stella_huang_greensofttech1_onmicrosoft_com/EuOSopXBEUpFhaHAwqFRDM8BeWLY-Gsl0U9Az2fOy4x80A?e=GhPegT&xsdata=MDV8MDJ8TVB1Z2FAaHljaXRlLmNvbXxjMDM5NmJhZjcxOTM0YzBkMTc3ZDA4ZGQxMzcwNWQ3MnxmYzVjNjhmNjk3ZjM0ZWZlYjY4OWViNWMxMjM0ZjgyMXwwfDB8NjM4Njg4MDk1NTQ0NTA0NzA2fFVua25vd258VFdGcGJHWnNiM2Q4ZXlKRmJYQjBlVTFoY0draU9uUnlkV1VzSWxZaU9pSXdMakF1TURBd01DSXNJbEFpT2lKWGFXNHpNaUlzSWtGT0lqb2lUV0ZwYkNJc0lsZFVJam95ZlE9PXwwfHx8&sdata=SVpsejJNYUlwY213VjNreGxSNU1LaFJXcnpXS3pwWjhYR2k5ZUthLzlsMD0%3d  Get hash  malicious  HTMLPhisher  Browse
• 34.160.144.191
db0fa4b8db0333367e9bda3ab68b8042.i686.elf  Get hash  malicious  Mirai, Gafgyt  Browse
• 34.3.189.217
db0fa4b8db0333367e9bda3ab68b8042.sh4.elf  Get hash  malicious  Mirai, Gafgyt  Browse
• 51.97.11.221
ReJIL-_Document_No._2500015903.msg  Get hash  malicious  Unknown  Browse
• 34.160.144.191
xd.mips.elf  Get hash  malicious  Mirai  Browse
• 48.226.14.3
xd.arm7.elf  Get hash  malicious  Mirai  Browse
• 48.82.97.179
xd.x86.elf  Get hash  malicious  Mirai  Browse
• 34.56.199.147
xd.sh4.elf  Get hash  malicious  Mirai  Browse
• 57.42.114.35
xd.mpsl.elf  Get hash  malicious  Mirai  Browse
• 32.75.117.204
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
fb0aa01abe9d8e4037eb3473ca6e2dca  ReJIL-_Document_No._2500015903.msg  Get hash  malicious  Unknown  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
NetFxRepairTools.msi  Get hash  malicious  Quasar  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
nM0h824cc3.exe  Get hash  malicious  Credential Flusher  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
nM0h824cc3.exe  Get hash  malicious  Credential Flusher  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
gTU8ed4669.exe  Get hash  malicious  Credential Flusher  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
gTU8ed4669.exe  Get hash  malicious  Credential Flusher  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
file.exe  Get hash  malicious  LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
ghostspider.7z  Get hash  malicious  Unknown  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
file.exe  Get hash  malicious  LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
file.exe  Get hash  malicious  LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig  Browse
• 35.244.181.201
• 34.149.100.209
• 34.160.144.191
• 34.120.208.123
• 151.101.1.91
Match  Associated Sample Name / URL  SHA 256  Detection  Threat Name  Link  Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)  cMTqzvmx9u.exe  Get hash  malicious  LummaC, Amadey, LummaC Stealer, RedLine  Browse
NetFxRepairTools.msi  Get hash  malicious  Quasar  Browse
nM0h824cc3.exe  Get hash  malicious  Credential Flusher  Browse
nM0h824cc3.exe  Get hash  malicious  Credential Flusher  Browse
gTU8ed4669.exe  Get hash  malicious  Credential Flusher  Browse
gTU8ed4669.exe  Get hash  malicious  Credential Flusher  Browse
ghostspider.7z  Get hash  malicious  Unknown  Browse
do.ps1  Get hash  malicious  Unknown  Browse
https://walli.shanga.co/image/view/?id=1375  Get hash  malicious  Unknown  Browse
tightvnc-2.8.59-gpl-setup-64bit.msi  Get hash  malicious  Unknown  Browse
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):7813
Entropy (8bit):5.182607771624381
Encrypted:false
SSDEEP:192:wKMXjfocbhbVbTbfbRbObtbyEl7n8ryJA6wnSrDtTkd/SV:wPkcNhnzFSJcrhjnSrDhkd/0
MD5:5482EBB08B0C260A3CCE77836AA815D5
SHA1:C299A41D74E4B2145F8AD5FB4CFB7A595795C575
SHA-256:5F05E49C6BC36727690B09317309357D4BD4398AEE3C62B4DB2604D09F6F2871
SHA-512:157D115491FBE9F694228FA023831D1A9A1C4096D3F2B00B69575C82022EE61F7163EAA961F86FE1C39CBF5A939FC1D9B402BC722535EFA15867132126E990B0
Malicious:false
Preview:{"type":"uninstall","id":"747667d3-d77d-44ba-b625-eede6f315421","creationDate":"2024-12-28T10:12:05.226Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category:dropped
Size (bytes):32768
Entropy (8bit):0.4593089050301797
Encrypted:false
SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5:D910AD167F0217587501FDCDB33CC544
SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious:false
Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
Category:dropped
Size (bytes):453023
Entropy (8bit):7.997718157581587
Encrypted:true
SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5:85430BAED3398695717B0263807CF97C
SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious:false
Preview:PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):3621
Entropy (8bit):4.929791642686114
Encrypted:false
SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakNp90xeln:8S+OVPUFRbOdwNIOdYpjvY1Q6LO28P
MD5:1CBF81449371FD55E7AEA984E6498D18
SHA1:67366E0D2592C5D25F85FE3EDDB12BEFFEC9EE29
SHA-256:A14B9B0E02CD227561F44D0EA908B3F4C8581F775CA369B619B7542A964ECB3E
SHA-512:7F8F90F5C6C2F1F4186F8090FB42D0A3E68AC3843BB033E2DAD7E590F707EBA7C71D9A0015C8D76BF57894EBD74C65B9F1CABC7E64C05FC1519FEABCD8B8FD33
Malicious:false
Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 22422 bytes
Category:dropped
Size (bytes):5308
Entropy (8bit):6.599374203470186
Encrypted:false
SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
MD5:EB56C2F4DA9435F3D5574161F414CD17
SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
Malicious:false
Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):24
Entropy (8bit):3.91829583405449
Encrypted:false
SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
MD5:3088F0272D29FAA42ED452C5E8120B08
SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
Malicious:false
Preview:{"schema":6,"addons":[]}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
Category:dropped
Size (bytes):262144
Entropy (8bit):0.04905141882491872
Encrypted:false
SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
MD5:8736A542C5564A922C47B19D9CC5E0F2
SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):66
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):4.837595020998689
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                                                                                                                                                                                                                                                                              MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                                                                                                                                                                                                                                                                              SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1867463390487
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                                                                                                                                                                                                                                                                                                              MD5:98875950B62B398FFE70C0A8D0998017
                                                                                                                                                                                                                                                                                                                                                                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):36830
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1867463390487
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                                                                                                                                                                                                                                                                                                              MD5:98875950B62B398FFE70C0A8D0998017
                                                                                                                                                                                                                                                                                                                                                                              SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
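The records above are all Firefox profile files written by firefox.exe while the sample ran, not files written by the sample itself, and none is flagged malicious. When triaging such a table offline it helps to be able to reproduce its numbers and open the artefacts. The following is an added example, not code from the report or from Joe Sandbox: it recomputes the "Entropy (8bit)" figure (Shannon entropy in bits per byte, so a near-empty 32 KiB file scores close to 0 and uniformly random bytes score 8), the MD5/SHA-256 columns, and decodes the "Mozilla lz4 compressed data" format, which is an 8-byte `mozLz40\0` magic, a little-endian 32-bit original size, and a raw LZ4 block. That layout is visible in the preview `mozLz40.8.....`: the `8` is ASCII 0x38 = 56, the "originally 56 bytes" in the File Type column, and 66 = 8 + 4 + 54 bytes of LZ4 payload. The LZ4 decoder is written out so the example needs no third-party package; the mozlz4 sample bytes are constructed by hand for the demonstration and are not the report's file.

```python
"""Recompute dropped-file metrics and open a Firefox mozlz4 artefact.

Added example, not part of the sandbox report; the sample bytes at the bottom are
constructed for the demonstration, not taken from the analysed run.
"""
import hashlib
import math
import struct
from collections import Counter

MOZLZ4_MAGIC = b"mozLz40\0"          # 8-byte magic, then little-endian u32 original size
SQLITE_MAGIC = b"SQLite format 3\0"  # header of the first record above


def shannon_entropy_8bit(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the report's 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    probs = [c / n for c in Counter(data).values()]
    return -sum(p * math.log2(p) for p in probs) + 0.0   # +0.0 normalises -0.0


def lz4_block_decompress(src: bytes, expected_size: int) -> bytes:
    """Decode a raw LZ4 block (the payload format inside a mozlz4 file)."""
    dst = bytearray()
    i, n = 0, len(src)
    while i < n:
        token = src[i]
        i += 1
        lit_len = token >> 4              # literal run length; 15 means 'more bytes follow'
        if lit_len == 15:
            while True:
                b = src[i]
                i += 1
                lit_len += b
                if b != 255:
                    break
        if i + lit_len > n:
            raise ValueError("truncated literal run")
        dst += src[i:i + lit_len]
        i += lit_len
        if i >= n:
            break                         # final sequence carries literals only
        offset = src[i] | (src[i + 1] << 8)   # 2-byte little-endian back-reference
        i += 2
        if offset == 0 or offset > len(dst):
            raise ValueError("bad match offset")
        match_len = (token & 0x0F) + 4    # match length is low nibble + 4
        if (token & 0x0F) == 15:
            while True:
                b = src[i]
                i += 1
                match_len += b
                if b != 255:
                    break
        start = len(dst) - offset
        for k in range(match_len):        # byte-wise copy so overlapping matches work
            dst.append(dst[start + k])
    if len(dst) != expected_size:
        raise ValueError(f"size mismatch: got {len(dst)}, header says {expected_size}")
    return bytes(dst)


def mozlz4_decompress(blob: bytes) -> bytes:
    if not blob.startswith(MOZLZ4_MAGIC):
        raise ValueError("not a mozlz4 file")
    (orig_size,) = struct.unpack_from("<I", blob, len(MOZLZ4_MAGIC))
    return lz4_block_decompress(blob[len(MOZLZ4_MAGIC) + 4:], orig_size)


def describe(blob: bytes) -> dict:
    """Report-style summary: size, entropy, hashes, and what the magic bytes say."""
    info = {
        "size": len(blob),
        "entropy": round(shannon_entropy_8bit(blob), 6),
        "md5": hashlib.md5(blob).hexdigest().upper(),
        "sha256": hashlib.sha256(blob).hexdigest().upper(),
        "kind": "data",
    }
    if blob.startswith(SQLITE_MAGIC):
        info["kind"] = "sqlite"
    elif blob.startswith(MOZLZ4_MAGIC):
        info["kind"] = "mozlz4"
        info["original_size"] = struct.unpack_from("<I", blob, 8)[0]
        info["decoded"] = mozlz4_decompress(blob)
    return info


# Constructed sample: 17 bytes of text hand-compressed into one LZ4 sequence
# ('abc' literals, then a 9-byte match at offset 3) plus a literal-only tail.
SAMPLE_PLAINTEXT = b"abcabcabcabcXYZWV"
SAMPLE_MOZLZ4 = (
    MOZLZ4_MAGIC
    + struct.pack("<I", len(SAMPLE_PLAINTEXT))
    + bytes([0x35]) + b"abc" + bytes([0x03, 0x00])   # token, literals, match offset
    + bytes([0x50]) + b"XYZWV"                        # final literal-only sequence
)

if __name__ == "__main__":
    print(describe(SAMPLE_MOZLZ4))
    print(describe(b"\x00" * 32768)["entropy"])       # an all-zero 32 KiB file scores 0.0
```

To check a real dropped file, read it in binary and pass the bytes to `describe()`; the MD5 and SHA-256 should match the table exactly, and for the 66-byte mozlz4 record the decoded output should begin with the `{"v":1,"crashes":{}` JSON shown in the preview. A size mismatch or a bad offset raises rather than returning partial data, which is the behaviour you want when a file in a profile directory has been tampered with or truncated.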
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: cMTqzvmx9u.exe, Detection: malicious
• Filename: NetFxRepairTools.msi, Detection: malicious
• Filename: nM0h824cc3.exe, Detection: malicious
• Filename: nM0h824cc3.exe, Detection: malicious
• Filename: gTU8ed4669.exe, Detection: malicious
• Filename: gTU8ed4669.exe, Detection: malicious
• Filename: ghostspider.7z, Detection: malicious
• Filename: do.ps1, Detection: malicious
• Filename: , Detection: malicious
• Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text
Category:dropped
Size (bytes):116
Entropy (8bit):4.968220104601006
Encrypted:false
SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
MD5:3D33CDC0B3D281E67DD52E14435DD04F
SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
Malicious:false
Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):98304
Entropy (8bit):0.07329574694033295
Encrypted:false
SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zki:DLhesh7Owd4+ji
MD5:C28436A0ED91F01EFF3E54EF842170DB
SHA1:D88BFA96BE00CC5D9BB316639A08D5681AD66527
SHA-256:FE580BC0481E840151D3C6DFA7A431360FCCA812613938BCB897B94B98F2FCA4
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:7935AD75F3A77E3D023FD65EF8C8BEE587DA6C073A66962AD0C16C73ED7E89824B5FDFA101926BDF2F8D0597ED493B1D8D27CFE5776C1EB194E32EACE20AFCA9
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.035699946889726504
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:GtlstFQwTB2ZwvCOitYHlYtlstFQwTB2ZwvCOitYH//lJ89//alEl:GtWtS0AZaKYmtWtS0AZaKY3L89XuM
                                                                                                                                                                                                                                                                                                                                                                              MD5:1ADEDFC47AB5F99A78FEED1EB4341512
                                                                                                                                                                                                                                                                                                                                                                              SHA1:E7E18F42B1F04502036CBF7997A75624BDB6B567
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:4A995DC2597485E94A820CE7267472E3279AD1A013D235CD1B0118FF855EBD16
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:F01B09BA5D2D7FAC3D844F809828A9466BF819C762DF1B32B458920ECB923F4A4DFA203C51E0DC5FD69B00C922B0C6DE10089A6BB22017FED22F7ADF395F7523
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:..-.......................-....C...gk.JX.=b..-.......................-....C...gk.JX.=b........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):32824
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):0.039548582200063215
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:3:Ol1ZXCMl0C3jmkvCT7H4wl8rEXsxdwhml8XW3R2:KvtHmmKLl8dMhm93w
                                                                                                                                                                                                                                                                                                                                                                              MD5:1EBD4EE87171771057EE784932C122F6
                                                                                                                                                                                                                                                                                                                                                                              SHA1:B24526171021D48B9EE71B4AB1B5E4867EBA1800
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:E9026EA0CE42831D0EDE761D7B981BF8822B8F92EA44BEDE0D3193501FBB88C0
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:6B3BC642B0130DBC5164CAA2317625CB6462C8B8F86423820C555880D5D365007664DC57C7F9854AED96AE539E5E9989BB482EC37AEF9F6A22A8EC2CFE5A3D47
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:7....-...........C...gi.F.............C...g.......-................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.48008153746403
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:vnPOeRnLYbBp6aJ0aX+W6SEXKwaNmZ5RHWNBw8dKSl:nDe7JUthWaHEwN0
                                                                                                                                                                                                                                                                                                                                                                              MD5:41B3522BC376356CD4BB5999CE1552C5
                                                                                                                                                                                                                                                                                                                                                                              SHA1:F163B0BBB2CAF870065496CC6FBE75F1ADAC89EA
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:03A9A508E563B08F710F8D0F93653A29C33E239C86E96721730E73D8231862B3
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:32ECAAA37DC0FAC993715DBA93F70214236E7FA1FF1CCEC56FC2E9E677230F48AEEC7A8D620D66A31652169D22F5408BDDCAD8039CBEF44010862D1D279A6CE4
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735380695);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735380695);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735380695);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173538
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):13187
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.48008153746403
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:192:vnPOeRnLYbBp6aJ0aX+W6SEXKwaNmZ5RHWNBw8dKSl:nDe7JUthWaHEwN0
                                                                                                                                                                                                                                                                                                                                                                              MD5:41B3522BC376356CD4BB5999CE1552C5
                                                                                                                                                                                                                                                                                                                                                                              SHA1:F163B0BBB2CAF870065496CC6FBE75F1ADAC89EA
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:03A9A508E563B08F710F8D0F93653A29C33E239C86E96721730E73D8231862B3
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:32ECAAA37DC0FAC993715DBA93F70214236E7FA1FF1CCEC56FC2E9E677230F48AEEC7A8D620D66A31652169D22F5408BDDCAD8039CBEF44010862D1D279A6CE4
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1735380695);..user_pref("app.update.lastUpdateTime.background-update-timer", 1735380695);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1735380695);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173538
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
MD5:60C09456D6362C6FBED48C69AA342C3C
SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1570
Entropy (8bit):6.3499890152856935
Encrypted:false
SSDEEP:24:v+USUGlcAxSC/LXnIrO/pnxQwRcWT5sKmgb07MU3eHVpjO+cdamhujJwO2c0TFKv:GUpOx9//nRcoeghU3erjxg4JwccKBtd
MD5:E2B9431892B86AE4C54D1459777A4A8B
SHA1:B4979E54B6A1A873CCB644ADCBE17EA47AEF90DB
SHA-256:5C4265C6A3488B2C6FB6313DD7BB87EF2D6D3CA37440E781026CE8BA9C625478
SHA-512:0B5319AE26864DDE10F5A1B96CD8DCECD8841C8E51B275CF0BC6650AFA2377B08178DCCFAB6A94AAC0FEF06743E3E1023421891CF868DA88E4DEB4AE2974515B
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":7,"docshellUU...D"{97d4cfcf-3ffa-40e0-9642-58181154db1c}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":8,"persistK..+}],"lastAccessed":1735380700193,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...Wm..l........j..:....1":{..jUpdate.....vtartTim..`665034...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Tecure2..C.Donly..eexpiry....670185,"originA....
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                                              MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                                              SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.0297715121339115
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:96:ycRMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:gTEr5NX0z3DhRe
                                                                                                                                                                                                                                                                                                                                                                              MD5:D4EA62423449B30654444CAE5D698699
                                                                                                                                                                                                                                                                                                                                                                              SHA1:9B11D8D024B104950CCBF57EF9CC0778C56AE4CB
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:58FADB79BD8920EF105936297777E4CF7CE03EE38DD382AE0FEFFA5884E0A533
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:4A654ECCA2B0DDB5D95C2AD1C84B457781CE4CF089CEA7AFDAC99584FE6F18D75A8FAD826D1FBE480F61BB43CAA654ED9F387D52DFCDDC5B50C9CFF6403AE853
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-28T10:11:14.669Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                                                                                                              Size (bytes):4537
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):5.0297715121339115
                                                                                                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:96:ycRMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:gTEr5NX0z3DhRe
                                                                                                                                                                                                                                                                                                                                                                              MD5:D4EA62423449B30654444CAE5D698699
                                                                                                                                                                                                                                                                                                                                                                              SHA1:9B11D8D024B104950CCBF57EF9CC0778C56AE4CB
                                                                                                                                                                                                                                                                                                                                                                              SHA-256:58FADB79BD8920EF105936297777E4CF7CE03EE38DD382AE0FEFFA5884E0A533
                                                                                                                                                                                                                                                                                                                                                                              SHA-512:4A654ECCA2B0DDB5D95C2AD1C84B457781CE4CF089CEA7AFDAC99584FE6F18D75A8FAD826D1FBE480F61BB43CAA654ED9F387D52DFCDDC5B50C9CFF6403AE853
                                                                                                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                                                                                                              Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-28T10:11:14.669Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                              Entropy (8bit):6.704095702702296
                                                                                                                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                                                                                                              File name:rpDOUhuBC5.exe
                                                                                                                                                                                                                                                                                                                                                                              File size:970'752 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5:1f856d82c95fcef4439c2c9d442e44f4
                                                                                                                                                                                                                                                                                                                                                                              SHA1:cb7fabe82a409e77c3d0d422117de414c08ce485
                                                                                                                                                                                                                                                                                                                                                                              SHA256:bc1a85c3048089f8730fe0c0c995fbede05597a6706be54c541add28cfe1d9af
                                                                                                                                                                                                                                                                                                                                                                              SHA512:4e646bf7f8a1dabc5a56f2502024de0399ec8b42261cb84304fb8b16a55219363c9e9f1a2af507c7111ddf845895b029ab25f1766b7eca1ccf649e9c41db66fc
                                                                                                                                                                                                                                                                                                                                                                              SSDEEP:24576:yqDEvCTbMWu7rQYlBQcBiT6rprG8aAPg:yTvC/MTQYxsWR7aAP
                                                                                                                                                                                                                                                                                                                                                                              TLSH:2F259E0273D1C062FF9B92334B5AF6515BBC69260123E62F13981DB9BE701B1563E7A3
                                                                                                                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                                                                                                                                                                                                                                                                              Icon Hash:aaf3e3e3938382a0
                                                                                                                                                                                                                                                                                                                                                                              Entrypoint:0x420577
                                                                                                                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                                                                                                                              Digitally signed:false
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                                                                              Subsystem:windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp: 0x676F2C35 [Fri Dec 27 22:37:41 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: 948cc502fe9226992dce9417f952fce3
Instruction
                                                                                                                                                                                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                                                                                                                                                                                              • [ C ] VS2008 SP1 build 30729
                                                                                                                                                                                                                                                                                                                                                                              • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x16580 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x16580 | 0x16600 | d45159d884a3608e539e0b72a8b2ac27 | False | 0.7046853177374302 | data | 7.179470013468991 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xd704 | data | | | 1.0004723493932126
RT_GROUP_ICON | 0xea000 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xea078 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xea08c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xea0a0 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xea0b4 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xea190 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
                                                                                                                                                                                                                                                                                                                                                                              ADVAPI32.dllGetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
                                                                                                                                                                                                                                                                                                                                                                              SHELL32.dllDragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
                                                                                                                                                                                                                                                                                                                                                                              ole32.dllCoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                                                                                                                                                                                                                                                                              OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
                                                                                                                                                                                                                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                                                                                                              EnglishGreat Britain
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 28, 2024 09:39:35.444387913 CET  49710        443        192.168.2.5      35.190.72.216
Dec 28, 2024 09:39:35.444427013 CET  443          49710      35.190.72.216    192.168.2.5
Dec 28, 2024 09:39:35.445322990 CET  49710        443        192.168.2.5      35.190.72.216
Dec 28, 2024 09:39:35.452007055 CET  49710        443        192.168.2.5      35.190.72.216
Dec 28, 2024 09:39:35.452023029 CET  443          49710      35.190.72.216    192.168.2.5
Dec 28, 2024 09:39:36.466170073 CET  49711        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:36.466223001 CET  443          49711      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:36.467070103 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:36.467128992 CET  443          49712      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:36.471967936 CET  49713        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:36.472585917 CET  49711        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:36.472606897 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:36.473954916 CET  49711        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:36.473972082 CET  443          49711      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:36.475198984 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:36.475219965 CET  443          49712      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:36.591541052 CET  80           49713      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:36.591759920 CET  49713        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:36.591759920 CET  49713        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:36.711246014 CET  80           49713      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:36.724122047 CET  443          49710      35.190.72.216    192.168.2.5
Dec 28, 2024 09:39:36.729214907 CET  49710        443        192.168.2.5      35.190.72.216
Dec 28, 2024 09:39:36.736243963 CET  49710        443        192.168.2.5      35.190.72.216
Dec 28, 2024 09:39:36.736243963 CET  49710        443        192.168.2.5      35.190.72.216
Dec 28, 2024 09:39:36.736263037 CET  443          49710      35.190.72.216    192.168.2.5
Dec 28, 2024 09:39:36.736474991 CET  443          49710      35.190.72.216    192.168.2.5
Dec 28, 2024 09:39:36.737171888 CET  49710        443        192.168.2.5      35.190.72.216
Dec 28, 2024 09:39:37.189033985 CET  49715        443        192.168.2.5      35.244.181.201
Dec 28, 2024 09:39:37.189093113 CET  443          49715      35.244.181.201   192.168.2.5
Dec 28, 2024 09:39:37.189986944 CET  49716        443        192.168.2.5      34.117.188.166
Dec 28, 2024 09:39:37.190032959 CET  443          49716      34.117.188.166   192.168.2.5
Dec 28, 2024 09:39:37.190696001 CET  49717        443        192.168.2.5      34.117.188.166
Dec 28, 2024 09:39:37.190758944 CET  443          49717      34.117.188.166   192.168.2.5
Dec 28, 2024 09:39:37.197477102 CET  49716        443        192.168.2.5      34.117.188.166
Dec 28, 2024 09:39:37.197479963 CET  49715        443        192.168.2.5      35.244.181.201
Dec 28, 2024 09:39:37.197529078 CET  49717        443        192.168.2.5      34.117.188.166
Dec 28, 2024 09:39:37.197630882 CET  49715        443        192.168.2.5      35.244.181.201
Dec 28, 2024 09:39:37.197648048 CET  443          49715      35.244.181.201   192.168.2.5
Dec 28, 2024 09:39:37.199026108 CET  49716        443        192.168.2.5      34.117.188.166
Dec 28, 2024 09:39:37.199039936 CET  443          49716      34.117.188.166   192.168.2.5
Dec 28, 2024 09:39:37.200309038 CET  49717        443        192.168.2.5      34.117.188.166
Dec 28, 2024 09:39:37.200323105 CET  443          49717      34.117.188.166   192.168.2.5
Dec 28, 2024 09:39:37.351866961 CET  49718        443        192.168.2.5      34.160.144.191
Dec 28, 2024 09:39:37.351903915 CET  443          49718      34.160.144.191   192.168.2.5
Dec 28, 2024 09:39:37.352149010 CET  49718        443        192.168.2.5      34.160.144.191
Dec 28, 2024 09:39:37.352149010 CET  49718        443        192.168.2.5      34.160.144.191
Dec 28, 2024 09:39:37.352178097 CET  443          49718      34.160.144.191   192.168.2.5
Dec 28, 2024 09:39:37.724307060 CET  80           49713      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:37.768927097 CET  49713        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:38.184318066 CET  49719        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:38.214627981 CET  443          49712      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:38.215430021 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:38.215641022 CET  443          49712      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:38.216351032 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:38.219666004 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:38.219696045 CET  443          49712      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:38.219769001 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:38.219894886 CET  443          49712      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:38.220150948 CET  49712        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:38.257477999 CET  443          49711      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:38.257556915 CET  49711        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:38.258202076 CET  443          49711      142.250.181.78   192.168.2.5
Dec 28, 2024 09:39:38.258424997 CET  49711        443        192.168.2.5      142.250.181.78
Dec 28, 2024 09:39:38.261050940 CET  49711        443        192.168.2.5      142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.261071920 CET44349711142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.261141062 CET49711443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.261229992 CET44349711142.250.181.78192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.261276007 CET49711443192.168.2.5142.250.181.78
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.304289103 CET804971934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.308355093 CET4971980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.308502913 CET4971980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.428010941 CET804971934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.463381052 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.463396072 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.466231108 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.466248989 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.471082926 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.471175909 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.488924026 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.488940954 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.489308119 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.492595911 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.492671013 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.492810011 CET4434971535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.494935989 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.494935989 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.494961977 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.495557070 CET4434971634.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.503247976 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.503274918 CET49715443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.503281116 CET49716443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.521728039 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.521747112 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.523490906 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.527915001 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.527926922 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.527997017 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.528137922 CET4434971734.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.529109001 CET49717443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.612137079 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.621089935 CET4971380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.621606112 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.628412962 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.628428936 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.628670931 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.650234938 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.650314093 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.650477886 CET4434971834.160.144.191192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.651804924 CET49718443192.168.2.534.160.144.191
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.741022110 CET804971334.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.741736889 CET4971380192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.968559980 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.968621016 CET4434972034.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.978643894 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.986331940 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.988212109 CET49720443192.168.2.534.117.188.166
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.988236904 CET4434972034.117.188.166192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.098428965 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.098628044 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.098774910 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.218228102 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.440519094 CET804971934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.443465948 CET4971980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.563354015 CET804971934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.563487053 CET4971980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.778862000 CET49724443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.778920889 CET4434972435.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.779587984 CET49724443192.168.2.535.244.181.201
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 28, 2024 09:39:39.779721022 CET | 49724 | 443 | 192.168.2.5 | 35.244.181.201
Dec 28, 2024 09:39:39.779730082 CET | 443 | 49724 | 35.244.181.201 | 192.168.2.5
Dec 28, 2024 09:39:39.921525002 CET | 49725 | 443 | 192.168.2.5 | 34.107.243.93
Dec 28, 2024 09:39:39.921567917 CET | 443 | 49725 | 34.107.243.93 | 192.168.2.5
Dec 28, 2024 09:39:39.921700954 CET | 49725 | 443 | 192.168.2.5 | 34.107.243.93
Dec 28, 2024 09:39:39.923074961 CET | 49725 | 443 | 192.168.2.5 | 34.107.243.93
Dec 28, 2024 09:39:39.923086882 CET | 443 | 49725 | 34.107.243.93 | 192.168.2.5
Dec 28, 2024 09:39:39.946822882 CET | 49726 | 443 | 192.168.2.5 | 34.149.100.209
Dec 28, 2024 09:39:39.946855068 CET | 443 | 49726 | 34.149.100.209 | 192.168.2.5
Dec 28, 2024 09:39:39.946930885 CET | 49726 | 443 | 192.168.2.5 | 34.149.100.209
Dec 28, 2024 09:39:39.948225021 CET | 49726 | 443 | 192.168.2.5 | 34.149.100.209
Dec 28, 2024 09:39:39.948235989 CET | 443 | 49726 | 34.149.100.209 | 192.168.2.5
Dec 28, 2024 09:39:40.003563881 CET | 49727 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:40.003618002 CET | 443 | 49727 | 34.120.208.123 | 192.168.2.5
Dec 28, 2024 09:39:40.004273891 CET | 49727 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:40.005985022 CET | 49727 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:40.005995035 CET | 443 | 49727 | 34.120.208.123 | 192.168.2.5
Dec 28, 2024 09:39:40.184257030 CET | 80 | 49721 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:40.188071966 CET | 49728 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.227669954 CET | 49721 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.252648115 CET | 443 | 49720 | 34.117.188.166 | 192.168.2.5
Dec 28, 2024 09:39:40.252660990 CET | 443 | 49720 | 34.117.188.166 | 192.168.2.5
Dec 28, 2024 09:39:40.252708912 CET | 49720 | 443 | 192.168.2.5 | 34.117.188.166
Dec 28, 2024 09:39:40.256906033 CET | 49720 | 443 | 192.168.2.5 | 34.117.188.166
Dec 28, 2024 09:39:40.256917000 CET | 443 | 49720 | 34.117.188.166 | 192.168.2.5
Dec 28, 2024 09:39:40.257025957 CET | 49720 | 443 | 192.168.2.5 | 34.117.188.166
Dec 28, 2024 09:39:40.257091045 CET | 443 | 49720 | 34.117.188.166 | 192.168.2.5
Dec 28, 2024 09:39:40.259659052 CET | 49720 | 443 | 192.168.2.5 | 34.117.188.166
Dec 28, 2024 09:39:40.261233091 CET | 49721 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.307568073 CET | 80 | 49728 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:40.307641983 CET | 49728 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.307796001 CET | 49728 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.380675077 CET | 80 | 49721 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:40.427194118 CET | 80 | 49728 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:40.575603008 CET | 80 | 49721 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:40.581265926 CET | 49728 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.589864016 CET | 49729 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.628869057 CET | 49721 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.709502935 CET | 80 | 49729 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:40.709593058 CET | 49729 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.709769964 CET | 49729 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:40.742871046 CET | 80 | 49728 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:40.829286098 CET | 80 | 49729 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:41.034960032 CET | 443 | 49724 | 35.244.181.201 | 192.168.2.5
Dec 28, 2024 09:39:41.039331913 CET | 443 | 49724 | 35.244.181.201 | 192.168.2.5
Dec 28, 2024 09:39:41.042589903 CET | 49724 | 443 | 192.168.2.5 | 35.244.181.201
Dec 28, 2024 09:39:41.045291901 CET | 49724 | 443 | 192.168.2.5 | 35.244.181.201
Dec 28, 2024 09:39:41.045315027 CET | 443 | 49724 | 35.244.181.201 | 192.168.2.5
Dec 28, 2024 09:39:41.045650959 CET | 443 | 49724 | 35.244.181.201 | 192.168.2.5
Dec 28, 2024 09:39:41.048403978 CET | 49724 | 443 | 192.168.2.5 | 35.244.181.201
Dec 28, 2024 09:39:41.048472881 CET | 49724 | 443 | 192.168.2.5 | 35.244.181.201
Dec 28, 2024 09:39:41.048599958 CET | 443 | 49724 | 35.244.181.201 | 192.168.2.5
Dec 28, 2024 09:39:41.048832893 CET | 49724 | 443 | 192.168.2.5 | 35.244.181.201
Dec 28, 2024 09:39:41.138211012 CET | 443 | 49725 | 34.107.243.93 | 192.168.2.5
Dec 28, 2024 09:39:41.143325090 CET | 443 | 49725 | 34.107.243.93 | 192.168.2.5
Dec 28, 2024 09:39:41.152041912 CET | 49725 | 443 | 192.168.2.5 | 34.107.243.93
Dec 28, 2024 09:39:41.203088045 CET | 49725 | 443 | 192.168.2.5 | 34.107.243.93
Dec 28, 2024 09:39:41.203113079 CET | 443 | 49725 | 34.107.243.93 | 192.168.2.5
Dec 28, 2024 09:39:41.203149080 CET | 49725 | 443 | 192.168.2.5 | 34.107.243.93
Dec 28, 2024 09:39:41.203387022 CET | 443 | 49725 | 34.107.243.93 | 192.168.2.5
Dec 28, 2024 09:39:41.204519033 CET | 49725 | 443 | 192.168.2.5 | 34.107.243.93
Dec 28, 2024 09:39:41.208252907 CET | 443 | 49726 | 34.149.100.209 | 192.168.2.5
Dec 28, 2024 09:39:41.208324909 CET | 49726 | 443 | 192.168.2.5 | 34.149.100.209
Dec 28, 2024 09:39:41.213164091 CET | 49726 | 443 | 192.168.2.5 | 34.149.100.209
Dec 28, 2024 09:39:41.213171959 CET | 443 | 49726 | 34.149.100.209 | 192.168.2.5
Dec 28, 2024 09:39:41.213232040 CET | 49726 | 443 | 192.168.2.5 | 34.149.100.209
Dec 28, 2024 09:39:41.213319063 CET | 443 | 49726 | 34.149.100.209 | 192.168.2.5
Dec 28, 2024 09:39:41.213747978 CET | 49726 | 443 | 192.168.2.5 | 34.149.100.209
Dec 28, 2024 09:39:41.235698938 CET | 80 | 49728 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:41.249362946 CET | 49728 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:41.267187119 CET | 443 | 49727 | 34.120.208.123 | 192.168.2.5
Dec 28, 2024 09:39:41.269572973 CET | 49727 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:41.331650019 CET | 49727 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:41.331671953 CET | 443 | 49727 | 34.120.208.123 | 192.168.2.5
Dec 28, 2024 09:39:41.331746101 CET | 49727 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:41.331892967 CET | 443 | 49727 | 34.120.208.123 | 192.168.2.5
Dec 28, 2024 09:39:41.350450039 CET | 49727 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:42.191288948 CET | 80 | 49729 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:42.236850977 CET | 49729 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:42.286964893 CET | 80 | 49729 | 34.107.221.82 | 192.168.2.5
Dec 28, 2024 09:39:42.287039042 CET | 49729 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:42.467107058 CET | 49721 | 80 | 192.168.2.5 | 34.107.221.82
Dec 28, 2024 09:39:42.499083996 CET | 49731 | 443 | 192.168.2.5 | 34.120.208.123
Dec 28, 2024 09:39:42.499145985 CET | 443 | 49731 | 34.120.208.123 | 192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.501406908 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.501435041 CET4434973234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.504309893 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.504424095 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.504425049 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.504441023 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.504519939 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.504534006 CET4434973234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.507226944 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.507272959 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.512609959 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.514075041 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.514089108 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.586669922 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.617278099 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.617320061 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.617405891 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.618782043 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.618803978 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.781552076 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.785633087 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.841069937 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.905244112 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.248395920 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.288997889 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.725109100 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.730714083 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.759824038 CET4434973234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.760402918 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.774992943 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.774997950 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.802958965 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.802988052 CET4434973234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.803294897 CET4434973234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.833724976 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.833758116 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.834064007 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.835057974 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.835083008 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.835372925 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.838418007 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.858582020 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.874690056 CET49733443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.874712944 CET4434973334.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.875019073 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.876873970 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.877041101 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.877068996 CET4434973234.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.877389908 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.877463102 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.877552986 CET4434973134.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.877769947 CET49732443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.877784967 CET49731443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.878463984 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.881911993 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.881921053 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.882006884 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.882091045 CET4434973434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.882280111 CET49734443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.892934084 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.892982006 CET4434973534.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.893953085 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.894066095 CET49735443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.894078970 CET4434973534.120.208.123192.168.2.5
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 28, 2024 09:39:43.895131111 CET  49721        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:43.897933006 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:43.897962093 CET  443          49736      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:43.898998022 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:43.899133921 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:43.899146080 CET  443          49736      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:43.900945902 CET  49737        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:43.900988102 CET  443          49737      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:43.901284933 CET  49737        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:43.902569056 CET  49737        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:43.902581930 CET  443          49737      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:44.014636040 CET  80           49721      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:44.209250927 CET  80           49721      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:44.261393070 CET  49721        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:44.421339989 CET  49729        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:44.540983915 CET  80           49729      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:44.753930092 CET  80           49729      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:44.809812069 CET  49729        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:45.104356050 CET  443          49735      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.105698109 CET  49735        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.109112978 CET  49735        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.109128952 CET  443          49735      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.109424114 CET  443          49735      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.112719059 CET  49735        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.112843037 CET  49735        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.112898111 CET  443          49735      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.113010883 CET  49735        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.202080965 CET  443          49736      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.202159882 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.204751015 CET  443          49737      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.206114054 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.206124067 CET  443          49736      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.206381083 CET  443          49736      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.206387043 CET  49737        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.212059021 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.212163925 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.212224007 CET  443          49736      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.212296009 CET  49737        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.212307930 CET  443          49737      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.212358952 CET  49737        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.212502956 CET  443          49737      34.120.208.123   192.168.2.5
Dec 28, 2024 09:39:45.212507010 CET  49736        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:45.212656021 CET  49737        443        192.168.2.5      34.120.208.123
Dec 28, 2024 09:39:48.642268896 CET  49721        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:48.761840105 CET  80           49721      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:48.762104034 CET  49741        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:39:48.762135029 CET  443          49741      34.107.243.93    192.168.2.5
Dec 28, 2024 09:39:48.762877941 CET  49741        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:39:48.956618071 CET  80           49721      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:49.006510019 CET  49721        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:50.048839092 CET  49741        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:39:50.048861980 CET  443          49741      34.107.243.93    192.168.2.5
Dec 28, 2024 09:39:50.588968992 CET  49729        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:50.708472013 CET  80           49729      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:50.921467066 CET  80           49729      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:50.965568066 CET  49729        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:51.667248964 CET  443          49741      34.107.243.93    192.168.2.5
Dec 28, 2024 09:39:51.667340994 CET  49741        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:39:52.541739941 CET  49741        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:39:52.541764975 CET  443          49741      34.107.243.93    192.168.2.5
Dec 28, 2024 09:39:52.541893005 CET  49741        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:39:52.542013884 CET  443          49741      34.107.243.93    192.168.2.5
Dec 28, 2024 09:39:52.548618078 CET  49741        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:39:53.082510948 CET  49721        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:53.202027082 CET  80           49721      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:53.396922112 CET  80           49721      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:53.450766087 CET  49721        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:54.294644117 CET  49729        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:39:54.414283037 CET  80           49729      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:54.627473116 CET  80           49729      34.107.221.82    192.168.2.5
Dec 28, 2024 09:39:54.676474094 CET  49729        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:02.776191950 CET  49771        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:40:02.776241064 CET  443          49771      34.107.243.93    192.168.2.5
Dec 28, 2024 09:40:02.776623011 CET  49771        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:40:02.778141022 CET  49771        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:40:02.778157949 CET  443          49771      34.107.243.93    192.168.2.5
Dec 28, 2024 09:40:03.403635025 CET  49721        80         192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:03.523498058 CET  80           49721      34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:04.034189939 CET  443          49771      34.107.243.93    192.168.2.5
Dec 28, 2024 09:40:04.034383059 CET  49771        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:40:04.039110899 CET  49771        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:40:04.039129972 CET  443          49771      34.107.243.93    192.168.2.5
Dec 28, 2024 09:40:04.039187908 CET  49771        443        192.168.2.5      34.107.243.93
Dec 28, 2024 09:40:04.039340973 CET  443          49771      34.107.243.93    192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.041652918 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.042787075 CET49771443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.161108017 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.356163025 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.363713980 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.371820927 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.371865988 CET4434977535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.374733925 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.375225067 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.375236988 CET4434977535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.391506910 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.391556025 CET4434977634.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.394891977 CET49777443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.394903898 CET4434977735.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.399535894 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.399655104 CET49777443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.399693012 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.399701118 CET4434977634.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.400496960 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.401197910 CET49777443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.401213884 CET4434977735.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.483397961 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.617275000 CET49778443192.168.2.5151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.617311001 CET44349778151.101.1.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.617378950 CET49778443192.168.2.5151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.617490053 CET49778443192.168.2.5151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.617499113 CET44349778151.101.1.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.696547031 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.698373079 CET49779443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.698415995 CET4434977935.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.705488920 CET49779443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.707041979 CET49779443192.168.2.535.201.103.21
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.707062006 CET4434977935.201.103.21192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.738681078 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.586055994 CET4434977535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.586205006 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.589245081 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.589257002 CET4434977535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.589601040 CET4434977535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.591605902 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.591690063 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.591768980 CET4434977535.244.181.201192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.592477083 CET49775443192.168.2.535.244.181.201
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.595809937 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.658708096 CET4434977735.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.658843040 CET49777443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.662606955 CET49777443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.662623882 CET4434977735.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.662763119 CET49777443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.662796974 CET4434977735.190.72.216192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.663256884 CET49777443192.168.2.535.190.72.216
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.663331985 CET4434977634.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.663369894 CET4434977634.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.663547993 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.666385889 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.666395903 CET4434977634.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.667671919 CET4434977634.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.668687105 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.668761015 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.668883085 CET4434977634.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.669858932 CET49776443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.715270042 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.880513906 CET44349778151.101.1.91192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:05.880789995 CET49778443192.168.2.5151.101.1.91
Dec 28, 2024 09:40:05.883783102 CET  49778  443    192.168.2.5      151.101.1.91
Dec 28, 2024 09:40:05.883790016 CET  443    49778  151.101.1.91     192.168.2.5
Dec 28, 2024 09:40:05.884207964 CET  443    49778  151.101.1.91     192.168.2.5
Dec 28, 2024 09:40:05.886482954 CET  49778  443    192.168.2.5      151.101.1.91
Dec 28, 2024 09:40:05.886562109 CET  49778  443    192.168.2.5      151.101.1.91
Dec 28, 2024 09:40:05.886679888 CET  443    49778  151.101.1.91     192.168.2.5
Dec 28, 2024 09:40:05.892729044 CET  49778  443    192.168.2.5      151.101.1.91
Dec 28, 2024 09:40:05.893882036 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.893949986 CET  443    49785  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:05.894150019 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.894268036 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.894280910 CET  443    49785  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:05.895925045 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.895950079 CET  443    49786  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:05.896306038 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.896398067 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.896406889 CET  443    49786  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:05.897914886 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.897924900 CET  443    49787  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:05.897991896 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.898099899 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:05.898107052 CET  443    49787  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:05.910077095 CET  80     49721  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:05.912736893 CET  49729  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:05.957791090 CET  49721  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:06.023876905 CET  443    49779  35.201.103.21    192.168.2.5
Dec 28, 2024 09:40:06.023895025 CET  443    49779  35.201.103.21    192.168.2.5
Dec 28, 2024 09:40:06.023961067 CET  49779  443    192.168.2.5      35.201.103.21
Dec 28, 2024 09:40:06.029510021 CET  49779  443    192.168.2.5      35.201.103.21
Dec 28, 2024 09:40:06.029525042 CET  443    49779  35.201.103.21    192.168.2.5
Dec 28, 2024 09:40:06.029588938 CET  49779  443    192.168.2.5      35.201.103.21
Dec 28, 2024 09:40:06.029736996 CET  443    49779  35.201.103.21    192.168.2.5
Dec 28, 2024 09:40:06.030425072 CET  49779  443    192.168.2.5      35.201.103.21
Dec 28, 2024 09:40:06.032218933 CET  80     49729  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:06.032419920 CET  49721  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:06.041615009 CET  49789  443    192.168.2.5      34.149.100.209
Dec 28, 2024 09:40:06.041666031 CET  443    49789  34.149.100.209   192.168.2.5
Dec 28, 2024 09:40:06.041816950 CET  49789  443    192.168.2.5      34.149.100.209
Dec 28, 2024 09:40:06.041912079 CET  49789  443    192.168.2.5      34.149.100.209
Dec 28, 2024 09:40:06.041925907 CET  443    49789  34.149.100.209   192.168.2.5
Dec 28, 2024 09:40:06.151861906 CET  80     49721  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:06.245158911 CET  80     49729  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:06.296413898 CET  49729  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:06.347080946 CET  80     49721  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:06.349746943 CET  49729  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:06.396737099 CET  49721  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:06.469394922 CET  80     49729  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:06.682148933 CET  80     49729  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:06.728837013 CET  49729  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:07.104149103 CET  443    49785  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.104228973 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.107202053 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.107214928 CET  443    49785  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.107646942 CET  443    49785  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.107855082 CET  443    49786  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.107980967 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.109431028 CET  443    49787  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.110404015 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.110411882 CET  443    49786  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.110686064 CET  443    49786  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.112299919 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.112394094 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.112514973 CET  443    49785  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.113382101 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.113435984 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.113559961 CET  443    49786  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.114425898 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.114429951 CET  49785  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.114460945 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.114461899 CET  49786  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.117432117 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.117444992 CET  443    49787  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.117677927 CET  443    49787  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.119024992 CET  49721  80     192.168.2.5      34.107.221.82
Dec 28, 2024 09:40:07.120794058 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.120862961 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.120903969 CET  443    49787  35.244.181.201   192.168.2.5
Dec 28, 2024 09:40:07.123521090 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.123545885 CET  49787  443    192.168.2.5      35.244.181.201
Dec 28, 2024 09:40:07.238491058 CET  80     49721  34.107.221.82    192.168.2.5
Dec 28, 2024 09:40:07.345969915 CET  443    49789  34.149.100.209   192.168.2.5
Dec 28, 2024 09:40:07.346116066 CET  49789  443    192.168.2.5      34.149.100.209
Dec 28, 2024 09:40:07.349663019 CET  49789  443    192.168.2.5      34.149.100.209
Dec 28, 2024 09:40:07.349684000 CET  443    49789  34.149.100.209   192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.349997997 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.352411985 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.352504969 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.352583885 CET4434978934.149.100.209192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.353358030 CET49789443192.168.2.534.149.100.209
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.433634043 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.436408043 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.484708071 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.747407913 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.039623022 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.039799929 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.039839983 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.043983936 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.056344986 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.175834894 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.252408981 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.303123951 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.371232033 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.374804020 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.422632933 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.494398117 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.707386017 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.750372887 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:18.373791933 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:18.493500948 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:18.712387085 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:18.832057953 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:24.281902075 CET49831443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:24.281954050 CET4434983134.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:24.282290936 CET49831443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:24.284329891 CET49831443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:24.284347057 CET4434983134.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.494805098 CET4434983134.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.494885921 CET49831443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.498667002 CET49831443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.498684883 CET4434983134.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.498758078 CET49831443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.498836040 CET4434983134.107.243.93192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.498976946 CET49831443192.168.2.534.107.243.93
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.501630068 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.621143103 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.816090107 CET804972134.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.819391012 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.864027977 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.938915014 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:26.151910067 CET804972934.107.221.82192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:26.196103096 CET4972980192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.606981039 CET49853443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.607033968 CET4434985334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.607357979 CET49854443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.607398033 CET4434985434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.608860970 CET49853443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.609002113 CET49853443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.609004021 CET49854443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.609013081 CET4434985334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.609131098 CET49854443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.609143972 CET4434985434.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.820113897 CET4434985334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.820189953 CET49853443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.823093891 CET49853443192.168.2.534.120.208.123
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.823106050 CET4434985334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.823371887 CET4434985334.120.208.123192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.824599981 CET4972180192.168.2.534.107.221.82
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.825939894 CET49853443192.168.2.534.120.208.123
Dec 28, 2024 09:40:35.826054096 CET    49853    443      192.168.2.5       34.120.208.123
Dec 28, 2024 09:40:35.826095104 CET    443      49853    34.120.208.123    192.168.2.5
Dec 28, 2024 09:40:35.826227903 CET    49853    443      192.168.2.5       34.120.208.123
Dec 28, 2024 09:40:35.830276966 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:35.912262917 CET    443      49854    34.120.208.123    192.168.2.5
Dec 28, 2024 09:40:35.912390947 CET    49854    443      192.168.2.5       34.120.208.123
Dec 28, 2024 09:40:35.915862083 CET    49854    443      192.168.2.5       34.120.208.123
Dec 28, 2024 09:40:35.915880919 CET    443      49854    34.120.208.123    192.168.2.5
Dec 28, 2024 09:40:35.916229963 CET    443      49854    34.120.208.123    192.168.2.5
Dec 28, 2024 09:40:35.918586969 CET    49854    443      192.168.2.5       34.120.208.123
Dec 28, 2024 09:40:35.918725014 CET    49854    443      192.168.2.5       34.120.208.123
Dec 28, 2024 09:40:35.918793917 CET    443      49854    34.120.208.123    192.168.2.5
Dec 28, 2024 09:40:35.919715881 CET    49854    443      192.168.2.5       34.120.208.123
Dec 28, 2024 09:40:35.944056988 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:35.952543974 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:36.144772053 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:36.148268938 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:36.163373947 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:36.194624901 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:36.267853975 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:36.282972097 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:36.481214046 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:36.526729107 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:46.153373957 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:46.272924900 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:46.492247105 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:46.612230062 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:56.280514002 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:56.400074959 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:40:56.619349957 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:40:56.739799976 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:05.890896082 CET    49926    443      192.168.2.5       34.107.243.93
Dec 28, 2024 09:41:05.890944004 CET    443      49926    34.107.243.93     192.168.2.5
Dec 28, 2024 09:41:05.891395092 CET    49926    443      192.168.2.5       34.107.243.93
Dec 28, 2024 09:41:05.892937899 CET    49926    443      192.168.2.5       34.107.243.93
Dec 28, 2024 09:41:05.892951012 CET    443      49926    34.107.243.93     192.168.2.5
Dec 28, 2024 09:41:06.410188913 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:06.529685974 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:06.748874903 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:06.868424892 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:07.195197105 CET    443      49926    34.107.243.93     192.168.2.5
Dec 28, 2024 09:41:07.195463896 CET    49926    443      192.168.2.5       34.107.243.93
Dec 28, 2024 09:41:07.201905012 CET    49926    443      192.168.2.5       34.107.243.93
Dec 28, 2024 09:41:07.201915979 CET    443      49926    34.107.243.93     192.168.2.5
Dec 28, 2024 09:41:07.202027082 CET    49926    443      192.168.2.5       34.107.243.93
Dec 28, 2024 09:41:07.202074051 CET    443      49926    34.107.243.93     192.168.2.5
Dec 28, 2024 09:41:07.202238083 CET    49926    443      192.168.2.5       34.107.243.93
Dec 28, 2024 09:41:07.204715967 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:07.324261904 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:07.519444942 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:07.523087025 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:07.566966057 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:07.836667061 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:07.881778002 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:07.882051945 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:07.936800957 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:07.956295013 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:17.525448084 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:17.645028114 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:17.964560032 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:18.084140062 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:27.653721094 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:27.773159981 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:28.092720032 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:28.212883949 CET    80       49729    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:37.772865057 CET    49721    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:37.892539978 CET    80       49721    34.107.221.82     192.168.2.5
Dec 28, 2024 09:41:38.220909119 CET    49729    80       192.168.2.5       34.107.221.82
Dec 28, 2024 09:41:38.340497017 CET    80       49729    34.107.221.82     192.168.2.5
Timestamp                              Source Port    Dest Port    Source IP      Dest IP
Dec 28, 2024 09:39:35.444392920 CET    49568          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:35.585911036 CET    53             49568        1.1.1.1        192.168.2.5
Dec 28, 2024 09:39:35.602602005 CET    56113          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:35.742835999 CET    53             56113        1.1.1.1        192.168.2.5
Dec 28, 2024 09:39:35.933501005 CET    57616          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:35.933501005 CET    51634          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:36.451261997 CET    53             57616        1.1.1.1        192.168.2.5
Dec 28, 2024 09:39:36.476918936 CET    63009          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:36.477197886 CET    62786          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:36.616087914 CET    53             62786        1.1.1.1        192.168.2.5
Dec 28, 2024 09:39:36.616231918 CET    53             63009        1.1.1.1        192.168.2.5
Dec 28, 2024 09:39:36.616703987 CET    50267          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:36.617019892 CET    55637          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:36.656126976 CET    51372          53           192.168.2.5    1.1.1.1
Dec 28, 2024 09:39:36.700082064 CET    58331          53           192.168.2.5    1.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:36.755959988 CET53502671.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:36.756005049 CET53556371.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:36.795802116 CET53513721.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.087852955 CET53583311.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.192329884 CET6450553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.192492008 CET5562853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.192639112 CET4917553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.210549116 CET6300853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.331572056 CET53491751.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.331584930 CET53645051.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.332278013 CET6327953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.332340956 CET6313453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.332645893 CET53556281.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.333117962 CET5159053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.350409031 CET53630081.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.472383022 CET53632791.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.472543955 CET53515901.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.473397017 CET6050753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.473637104 CET53631341.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.613353968 CET53605071.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.622885942 CET6372353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.763279915 CET53637231.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.865696907 CET5814653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:37.868083000 CET6119453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.005405903 CET53581461.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.007245064 CET53611941.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:38.042114973 CET6457753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.072846889 CET6299053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.483954906 CET5167053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.624145985 CET53516701.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.633167982 CET5957753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.772782087 CET53595771.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.777621031 CET4969653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.797399998 CET6451753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.916944981 CET53496961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.936506987 CET53645171.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.955743074 CET5332553192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:39.979676962 CET53618381.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.003834963 CET6119253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.096218109 CET53533251.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.098716974 CET6167353192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.145716906 CET53611921.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.148865938 CET5299653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.237770081 CET53616731.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.287853003 CET53529961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.457408905 CET5138853192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.600456953 CET53513881.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.601264954 CET6079653192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.740818024 CET53607961.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.746428013 CET5727153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.888830900 CET53572711.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.386888027 CET5751253192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.387141943 CET6285453192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.387182951 CET6295753192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET53575121.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526765108 CET53628541.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.527686119 CET5359953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.527880907 CET53629571.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.528026104 CET5776153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.529383898 CET6346953192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.668049097 CET53535991.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.668715000 CET5973153192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET53577611.1.1.1192.168.2.5
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670641899 CET5475053192.168.2.51.1.1.1
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.671937943 CET53634691.1.1.1192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 28, 2024 09:39:47.673166037 CET | 52353 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:47.812129974 CET | 53 | 59731 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:47.812145948 CET | 53 | 54750 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:47.813380957 CET | 64138 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:47.813467026 CET | 53 | 52353 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:47.816016912 CET | 54026 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:47.956069946 CET | 53 | 64138 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:47.960063934 CET | 53 | 54026 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:47.960800886 CET | 63588 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:47.960800886 CET | 49683 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:48.102837086 CET | 53 | 63588 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:48.108022928 CET | 51157 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:48.108052969 CET | 53 | 49683 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:48.108592033 CET | 49605 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:48.250976086 CET | 53 | 49605 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:48.319828033 CET | 53 | 51157 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:39:48.761123896 CET | 62046 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:39:48.900192022 CET | 53 | 62046 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:02.776573896 CET | 57304 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:02.915646076 CET | 53 | 57304 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:04.379338026 CET | 58429 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:04.391290903 CET | 61586 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:04.398907900 CET | 50078 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:04.522125006 CET | 53 | 58429 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:04.616127014 CET | 53 | 61586 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:04.617829084 CET | 52698 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:04.696149111 CET | 53 | 50078 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:04.699031115 CET | 50268 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:04.756975889 CET | 53 | 52698 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:04.757616997 CET | 54186 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:04.898854017 CET | 53 | 54186 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:04.904051065 CET | 53 | 50268 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:04.904618979 CET | 54242 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:05.044886112 CET | 53 | 54242 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:24.282179117 CET | 50022 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:24.422256947 CET | 53 | 50022 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:34.607938051 CET | 60784 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:40:34.747231007 CET | 53 | 60784 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:40:35.830698967 CET | 59351 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:41:05.749059916 CET | 53462 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:41:05.889413118 CET | 53 | 53462 | 1.1.1.1 | 192.168.2.5
Dec 28, 2024 09:41:05.891330957 CET | 53717 | 53 | 192.168.2.5 | 1.1.1.1
Dec 28, 2024 09:41:06.031989098 CET | 53 | 53717 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 28, 2024 09:39:35.444392920 CET | 192.168.2.5 | 1.1.1.1 | 0xa3aa | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:35.602602005 CET | 192.168.2.5 | 1.1.1.1 | 0x4f4 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:35.933501005 CET | 192.168.2.5 | 1.1.1.1 | 0xfa9c | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:35.933501005 CET | 192.168.2.5 | 1.1.1.1 | 0x7d69 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:36.476918936 CET | 192.168.2.5 | 1.1.1.1 | 0xddff | Standard query (0) | youtube.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:36.477197886 CET | 192.168.2.5 | 1.1.1.1 | 0x5a04 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:36.616703987 CET | 192.168.2.5 | 1.1.1.1 | 0xa99f | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:36.617019892 CET | 192.168.2.5 | 1.1.1.1 | 0x330b | Standard query (0) | youtube.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:36.656126976 CET | 192.168.2.5 | 1.1.1.1 | 0x5a18 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:36.700082064 CET | 192.168.2.5 | 1.1.1.1 | 0x2906 | Standard query (0) | spocs.getpocket.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:37.192329884 CET | 192.168.2.5 | 1.1.1.1 | 0x609 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:37.192492008 CET | 192.168.2.5 | 1.1.1.1 | 0x12e5 | Standard query (0) | contile.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:37.192639112 CET | 192.168.2.5 | 1.1.1.1 | 0xf34d | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:37.210549116 CET | 192.168.2.5 | 1.1.1.1 | 0x8e66 | Standard query (0) | content-signature-2.cdn.mozilla.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:37.332278013 CET | 192.168.2.5 | 1.1.1.1 | 0x37f4 | Standard query (0) | prod.ads.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:37.332340956 CET | 192.168.2.5 | 1.1.1.1 | 0xf360 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:37.333117962 CET | 192.168.2.5 | 1.1.1.1 | 0x9fd8 | Standard query (0) | contile.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:37.473397017 CET | 192.168.2.5 | 1.1.1.1 | 0xe27a | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:37.622885942 CET | 192.168.2.5 | 1.1.1.1 | 0x7475 | Standard query (0) | prod.content-signature-chains.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:37.865696907 CET | 192.168.2.5 | 1.1.1.1 | 0xd42 | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:37.868083000 CET | 192.168.2.5 | 1.1.1.1 | 0x4091 | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:38.042114973 CET | 192.168.2.5 | 1.1.1.1 | 0x9251 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:39.072846889 CET | 192.168.2.5 | 1.1.1.1 | 0x91a4 | Standard query (0) | shavar.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:39.483954906 CET | 192.168.2.5 | 1.1.1.1 | 0x87e2 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:39.633167982 CET | 192.168.2.5 | 1.1.1.1 | 0x9145 | Standard query (0) | push.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:39.777621031 CET | 192.168.2.5 | 1.1.1.1 | 0xc074 | Standard query (0) | push.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:39.797399998 CET | 192.168.2.5 | 1.1.1.1 | 0x4397 | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:39.955743074 CET | 192.168.2.5 | 1.1.1.1 | 0xe067 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:40.003834963 CET | 192.168.2.5 | 1.1.1.1 | 0x527c | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:40.098716974 CET | 192.168.2.5 | 1.1.1.1 | 0x60ee | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:40.148865938 CET | 192.168.2.5 | 1.1.1.1 | 0xe698 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:42.457408905 CET | 192.168.2.5 | 1.1.1.1 | 0x9088 | Standard query (0) | support.mozilla.org | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:42.601264954 CET | 192.168.2.5 | 1.1.1.1 | 0x526 | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:39:42.746428013 CET | 192.168.2.5 | 1.1.1.1 | 0xb03f | Standard query (0) | us-west1.prod.sumo.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false
Dec 28, 2024 09:39:47.386888027 CET | 192.168.2.5 | 1.1.1.1 | 0x807d | Standard query (0) | www.youtube.com | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.387141943 CET192.168.2.51.1.1.10x2de8Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.387182951 CET192.168.2.51.1.1.10xe27Standard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.527686119 CET192.168.2.51.1.1.10x2c33Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.528026104 CET192.168.2.51.1.1.10x5c99Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.529383898 CET192.168.2.51.1.1.10xe237Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.668715000 CET192.168.2.51.1.1.10x63f7Standard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670641899 CET192.168.2.51.1.1.10x18dfStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.673166037 CET192.168.2.51.1.1.10xa813Standard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.813380957 CET192.168.2.51.1.1.10xd711Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.816016912 CET192.168.2.51.1.1.10x8f85Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.960800886 CET192.168.2.51.1.1.10xd59Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.960800886 CET192.168.2.51.1.1.10xd31cStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.108022928 CET192.168.2.51.1.1.10x1839Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.108592033 CET192.168.2.51.1.1.10x63f0Standard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.761123896 CET192.168.2.51.1.1.10x7e5bStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:02.776573896 CET192.168.2.51.1.1.10x431bStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.379338026 CET192.168.2.51.1.1.10xf68eStandard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.391290903 CET192.168.2.51.1.1.10x545eStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.398907900 CET192.168.2.51.1.1.10xfe77Standard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.617829084 CET192.168.2.51.1.1.10x7921Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.699031115 CET192.168.2.51.1.1.10x6ca3Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.757616997 CET192.168.2.51.1.1.10xdc7fStandard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.904618979 CET192.168.2.51.1.1.10x146cStandard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:24.282179117 CET192.168.2.51.1.1.10xb1a2Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:34.607938051 CET192.168.2.51.1.1.10x6a39Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:35.830698967 CET192.168.2.51.1.1.10x5f03Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:41:05.749059916 CET192.168.2.51.1.1.10xb676Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:41:05.891330957 CET192.168.2.51.1.1.10xffb1Standard query (0)push.services.mozilla.com28IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.096218109 CET1.1.1.1192.168.2.50xe067No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.145716906 CET1.1.1.1192.168.2.50x527cNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.600456953 CET1.1.1.1192.168.2.50x9088No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.600456953 CET1.1.1.1192.168.2.50x9088No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.600456953 CET1.1.1.1192.168.2.50x9088No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.616291046 CET1.1.1.1192.168.2.50x5719No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.740818024 CET1.1.1.1192.168.2.50x526No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526750088 CET1.1.1.1192.168.2.50x807dNo error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526765108 CET1.1.1.1192.168.2.50x2de8No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.526765108 CET1.1.1.1192.168.2.50x2de8No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.527880907 CET1.1.1.1192.168.2.50xe27No error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.527880907 CET1.1.1.1192.168.2.50xe27No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.668049097 CET1.1.1.1192.168.2.50x2c33No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com142.250.181.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com172.217.19.174A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.670078039 CET1.1.1.1192.168.2.50x5c99No error (0)youtube-ui.l.google.com172.217.21.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.671937943 CET1.1.1.1192.168.2.50xe237No error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.812129974 CET1.1.1.1192.168.2.50x63f7No error (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.812145948 CET1.1.1.1192.168.2.50x18dfNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.812145948 CET1.1.1.1192.168.2.50x18dfNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.812145948 CET1.1.1.1192.168.2.50x18dfNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.812145948 CET1.1.1.1192.168.2.50x18dfNo error (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.813467026 CET1.1.1.1192.168.2.50xa813No error (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.956069946 CET1.1.1.1192.168.2.50xd711No error (0)www.reddit.comreddit.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.956069946 CET1.1.1.1192.168.2.50xd711No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.956069946 CET1.1.1.1192.168.2.50xd711No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.956069946 CET1.1.1.1192.168.2.50xd711No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.956069946 CET1.1.1.1192.168.2.50xd711No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:47.960063934 CET1.1.1.1192.168.2.50x8f85No error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.102837086 CET1.1.1.1192.168.2.50xd59No error (0)reddit.map.fastly.net151.101.1.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.102837086 CET1.1.1.1192.168.2.50xd59No error (0)reddit.map.fastly.net151.101.65.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.102837086 CET1.1.1.1192.168.2.50xd59No error (0)reddit.map.fastly.net151.101.129.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.102837086 CET1.1.1.1192.168.2.50xd59No error (0)reddit.map.fastly.net151.101.193.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.108052969 CET1.1.1.1192.168.2.50xd31cNo error (0)twitter.com104.244.42.129A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.616127014 CET1.1.1.1192.168.2.50x545eNo error (0)services.addons.mozilla.org151.101.1.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.616127014 CET1.1.1.1192.168.2.50x545eNo error (0)services.addons.mozilla.org151.101.193.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:04.616127014 CET1.1.1.1192.168.2.50x545eNo error (0)services.addons.mozilla.org151.101.65.91A (IP address)IN (0x0001)false
Dec 28, 2024 09:40:04.616127014 CET | 1.1.1.1 | 192.168.2.5 | 0x545e | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:04.696149111 CET | 1.1.1.1 | 192.168.2.5 | 0xfe77 | No error (0) | normandy.cdn.mozilla.net | normandy-cdn.services.mozilla.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:40:04.696149111 CET | 1.1.1.1 | 192.168.2.5 | 0xfe77 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:04.756975889 CET | 1.1.1.1 | 192.168.2.5 | 0x7921 | No error (0) | services.addons.mozilla.org | 151.101.1.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:04.756975889 CET | 1.1.1.1 | 192.168.2.5 | 0x7921 | No error (0) | services.addons.mozilla.org | 151.101.193.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:04.756975889 CET | 1.1.1.1 | 192.168.2.5 | 0x7921 | No error (0) | services.addons.mozilla.org | 151.101.65.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:04.756975889 CET | 1.1.1.1 | 192.168.2.5 | 0x7921 | No error (0) | services.addons.mozilla.org | 151.101.129.91 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:04.898854017 CET | 1.1.1.1 | 192.168.2.5 | 0xdc7f | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 28, 2024 09:40:04.898854017 CET | 1.1.1.1 | 192.168.2.5 | 0xdc7f | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 28, 2024 09:40:04.898854017 CET | 1.1.1.1 | 192.168.2.5 | 0xdc7f | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 28, 2024 09:40:04.898854017 CET | 1.1.1.1 | 192.168.2.5 | 0xdc7f | No error (0) | services.addons.mozilla.org | | 28 | IN (0x0001) | false
Dec 28, 2024 09:40:04.904051065 CET | 1.1.1.1 | 192.168.2.5 | 0x6ca3 | No error (0) | normandy-cdn.services.mozilla.com | 35.201.103.21 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:08.080667973 CET | 1.1.1.1 | 192.168.2.5 | 0xca4f | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:40:08.080667973 CET | 1.1.1.1 | 192.168.2.5 | 0xca4f | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:40:34.605473042 CET | 1.1.1.1 | 192.168.2.5 | 0x8853 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:40:36.051661968 CET | 1.1.1.1 | 192.168.2.5 | 0x5f03 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net | CNAME (Canonical name) | IN (0x0001) | false
Dec 28, 2024 09:40:36.051661968 CET | 1.1.1.1 | 192.168.2.5 | 0x5f03 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Dec 28, 2024 09:41:05.889413118 CET | 1.1.1.1 | 192.168.2.5 | 0xb676 | No error (0) | push.services.mozilla.com | 34.107.243.93 | A (IP address) | IN (0x0001) | false
• detectportal.firefox.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49713 | 34.107.221.82 | 80 | 1412 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 09:39:36.591759920 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 28, 2024 09:39:37.724307060 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:23:21 GMT
Age: 72976
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49719 | 34.107.221.82 | 80 | 1412 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 09:39:38.308502913 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:39:39.440519094 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 16:56:01 GMT
Content-Type: text/plain
Age: 56618
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49721 | 34.107.221.82 | 80 | 1412 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 09:39:39.098774910 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 28, 2024 09:39:40.184257030 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:23:21 GMT
Age: 72979
Content-Type: text/html
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.261233091 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:40.575603008 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 72979
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.467107058 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.781552076 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 72981
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.895131111 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:44.209250927 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 72983
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:48.642268896 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
  Connection: keep-alive
Dec 28, 2024 09:39:48.956618071 CET  298  IN   HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 27 Dec 2024 12:23:21 GMT
  Age: 72987
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:39:53.082510948 CET  303  OUT  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 28, 2024 09:39:53.396922112 CET  298  IN   HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 27 Dec 2024 12:23:21 GMT
  Age: 72992
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:40:03.403635025 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 28, 2024 09:40:04.041652918 CET  303  OUT  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 28, 2024 09:40:04.356163025 CET  298  IN   HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 27 Dec 2024 12:23:21 GMT
  Age: 73003
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:40:05.595809937 CET  303  OUT  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 28, 2024 09:40:05.910077095 CET  298  IN   HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 27 Dec 2024 12:23:21 GMT
  Age: 73004
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:40:06.032419920 CET  303  OUT  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 28, 2024 09:40:06.347080946 CET  298  IN   HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 27 Dec 2024 12:23:21 GMT
  Age: 73005
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.119024992 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:07.433634043 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 73006
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.039623022 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 73006
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.056344986 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.371232033 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 73007
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:18.373791933 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.501630068 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.816090107 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:23:21 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 73024
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:40:35.824599981 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:40:35.830276966 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:40:36.144772053 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 12:23:21 GMT
    Age: 73034
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:40:46.153373957 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:40:56.280514002 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:41:06.410188913 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:41:07.204715967 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 28, 2024 09:41:07.519444942 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 12:23:21 GMT
    Age: 73066
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 28, 2024 09:41:17.525448084 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:41:27.653721094 CET | 6 | OUT | Data Raw: 00
    Data Ascii:
Dec 28, 2024 09:41:37.772865057 CET | 6 | OUT | Data Raw: 00
    Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49728 | 34.107.221.82 | 80 | 1412 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 09:39:40.307796001 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49729 | 34.107.221.82 | 80 | 1412 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 28, 2024 09:39:40.709769964 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 28, 2024 09:39:42.191288948 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Fri, 27 Dec 2024 12:55:45 GMT
    Age: 71036
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.286964893 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71036
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:42.785633087 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:43.248395920 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71037
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:44.421339989 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:44.753930092 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71039
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:50.588968992 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:50.921467066 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71045
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:39:54.294644117 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:39:54.627473116 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71049
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:40:04.363713980 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:40:04.696547031 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71059
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:40:05.912736893 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:40:06.245158911 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71061
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:40:06.349746943 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:40:06.682148933 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71061
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:40:07.436408043 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:40:07.747407913 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.252408981 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71063
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.374804020 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:08.707386017 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71063
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:18.712387085 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:25.819391012 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:26.151910067 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71080
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                              Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:36.148268938 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                              Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:36.163373947 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                              Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                              Dec 28, 2024 09:40:36.481214046 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                              Date: Fri, 27 Dec 2024 12:55:45 GMT
                                                                                                                                                                                                                                                                                                                                                                              Age: 71091
                                                                                                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                              Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:40:46.492247105 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 28, 2024 09:40:56.619349957 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 28, 2024 09:41:06.748874903 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 28, 2024 09:41:07.523087025 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:41:07.836667061 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Dec 28, 2024 09:41:07.882051945 CET | 216 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 8
Via: 1.1 google
Date: Fri, 27 Dec 2024 12:55:45 GMT
Age: 71122
Content-Type: text/plain
Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
Data Raw: 73 75 63 63 65 73 73 0a
Data Ascii: success
Dec 28, 2024 09:41:17.964560032 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 28, 2024 09:41:28.092720032 CET | 6 | OUT | Data Raw: 00
Data Ascii:
Dec 28, 2024 09:41:38.220909119 CET | 6 | OUT | Data Raw: 00
Data Ascii:



Target ID: 0
Start time: 03:39:27
Start date: 28/12/2024
Path: C:\Users\user\Desktop\rpDOUhuBC5.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\rpDOUhuBC5.exe"
Imagebase: 0xaf0000
File size: 970'752 bytes
MD5 hash: 1F856D82C95FCEF4439C2C9D442E44F4
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 03:39:28
Start date: 28/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
Commandline: taskkill /F /IM firefox.exe /T
Imagebase: 0xee0000
File size: 74'240 bytes
MD5 hash: CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 03:39:28
Start date: 28/12/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff6d64d0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 03:39:30
Start date: 28/12/2024
Path: C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit): true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM chrome.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xee0000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:30
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:30
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM msedge.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xee0000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:30
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:30
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xee0000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:30
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:30
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                              Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0xee0000
                                                                                                                                                                                                                                                                                                                                                                              File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:31
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                                                                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:31
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:31
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                                                                                                              Target ID:14
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:31
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
                                                                                                                                                                                                                                                                                                                                                                              Imagebase:0x7ff79f9e0000
                                                                                                                                                                                                                                                                                                                                                                              File size:676'768 bytes
                                                                                                                                                                                                                                                                                                                                                                              MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                                                                                                                                                                                                              Start time:03:39:32
                                                                                                                                                                                                                                                                                                                                                                              Start date:28/12/2024
                                                                                                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20230927232528 -prefsHandle 2128 -prefMapHandle 2120 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c91e84-12cf-4f84-99b8-0a8cb701bda1} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d294e6ff10 socket
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:17
Start time:03:39:34
Start date:28/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4140 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2960 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b0b3ba-8265-4a07-8ba8-25e4102afd2f} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a7554a10 rdd
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:18
Start time:03:39:38
Start date:28/12/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5072 -prefMapHandle 3752 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d49b66a3-1c02-4383-b25f-759533b33a6a} 1412 "\\.\pipe\gecko-crash-server-pipe.1412" 1d2a6711910 utility
Imagebase:0x7ff79f9e0000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false


Execution Graph

Execution Coverage:2.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:4%
Total number of Nodes:1754
Total number of Limit Nodes:54
execution_graph
96106 b400f8 96104->96106 96132 afb750 96104->96132 96145 b758a2 348 API calls 2 library calls 96105->96145 96109 b40102 96106->96109 96112 b4010f 96106->96112 96106->96132 96143 b75d33 348 API calls 96109->96143 96129 afba20 96112->96129 96144 b761d0 348 API calls 2 library calls 96112->96144 96115 afbbe0 40 API calls 96115->96132 96116 b403d9 96116->96116 96119 b0d336 40 API calls 96119->96132 96120 afba4e 96122 b40322 96148 b75c0c 82 API calls 96122->96148 96127 afaceb 23 API calls 96127->96132 96129->96120 96149 b6359c 82 API calls __wsopen_s 96129->96149 96130 afec40 348 API calls 96130->96132 96132->96115 96132->96119 96132->96120 96132->96122 96132->96127 96132->96129 96132->96130 96134 afa81b 41 API calls 96132->96134 96135 b0d2f0 40 API calls 96132->96135 96136 b0a01b 348 API calls 96132->96136 96137 b10242 5 API calls __Init_thread_wait 96132->96137 96138 b0edcd 22 API calls 96132->96138 96139 b100a3 29 API calls __onexit 96132->96139 96140 b101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96132->96140 96141 b0ee53 82 API calls 96132->96141 96142 b0e5ca 348 API calls 96132->96142 96146 b4f6bf 23 API calls 96132->96146 96147 afa8c7 22 API calls __fread_nolock 96132->96147 96134->96132 96135->96132 96136->96132 96137->96132 96138->96132 96139->96132 96140->96132 96141->96132 96142->96132 96143->96112 96144->96129 96145->96132 96146->96132 96147->96132 96148->96129 96149->96116 96150 b103fb 96151 b10407 __FrameHandler3::FrameUnwindToState 96150->96151 96179 b0feb1 96151->96179 96153 b1040e 96154 b10561 96153->96154 96157 b10438 96153->96157 96209 b1083f IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 96154->96209 96156 b10568 96202 b14e52 96156->96202 96168 b10477 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 96157->96168 96190 b2247d 96157->96190 96164 b10457 96166 b104d8 96198 b10959 96166->96198 96168->96166 96205 b14e1a 38 API calls 3 library calls 
96168->96205 96170 b104de 96171 b104f3 96170->96171 96206 b10992 GetModuleHandleW 96171->96206 96173 b104fa 96173->96156 96174 b104fe 96173->96174 96175 b10507 96174->96175 96207 b14df5 28 API calls _abort 96174->96207 96208 b10040 13 API calls 2 library calls 96175->96208 96178 b1050f 96178->96164 96180 b0feba 96179->96180 96211 b10698 IsProcessorFeaturePresent 96180->96211 96182 b0fec6 96212 b12c94 10 API calls 3 library calls 96182->96212 96184 b0fecb 96189 b0fecf 96184->96189 96213 b22317 96184->96213 96187 b0fee6 96187->96153 96189->96153 96193 b22494 96190->96193 96191 b10a8c CatchGuardHandler 5 API calls 96192 b10451 96191->96192 96192->96164 96194 b22421 96192->96194 96193->96191 96195 b22450 96194->96195 96196 b10a8c CatchGuardHandler 5 API calls 96195->96196 96197 b22479 96196->96197 96197->96168 96288 b12340 96198->96288 96200 b1096c GetStartupInfoW 96201 b1097f 96200->96201 96201->96170 96290 b14bcf 96202->96290 96205->96166 96206->96173 96207->96175 96208->96178 96209->96156 96211->96182 96212->96184 96217 b2d1f6 96213->96217 96216 b12cbd 8 API calls 3 library calls 96216->96189 96220 b2d213 96217->96220 96221 b2d20f 96217->96221 96219 b0fed8 96219->96187 96219->96216 96220->96221 96223 b24bfb 96220->96223 96235 b10a8c 96221->96235 96224 b24c07 __FrameHandler3::FrameUnwindToState 96223->96224 96242 b22f5e EnterCriticalSection 96224->96242 96226 b24c0e 96243 b250af 96226->96243 96228 b24c1d 96229 b24c2c 96228->96229 96256 b24a8f 29 API calls 96228->96256 96258 b24c48 LeaveCriticalSection _abort 96229->96258 96232 b24c3d __wsopen_s 96232->96220 96233 b24c27 96257 b24b45 GetStdHandle GetFileType 96233->96257 96236 b10a95 96235->96236 96237 b10a97 IsProcessorFeaturePresent 96235->96237 96236->96219 96239 b10c5d 96237->96239 96287 b10c21 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 96239->96287 96241 b10d40 96241->96219 96242->96226 96244 b250bb __FrameHandler3::FrameUnwindToState 96243->96244 96245 b250c8 
96244->96245 96246 b250df 96244->96246 96267 b1f2d9 20 API calls __dosmaperr 96245->96267 96259 b22f5e EnterCriticalSection 96246->96259 96249 b250cd 96268 b227ec 26 API calls __wsopen_s 96249->96268 96251 b25117 96269 b2513e LeaveCriticalSection _abort 96251->96269 96253 b250d7 __wsopen_s 96253->96228 96255 b250eb 96255->96251 96260 b25000 96255->96260 96256->96233 96257->96229 96258->96232 96259->96255 96270 b24c7d 96260->96270 96262 b2501f 96278 b229c8 96262->96278 96263 b25012 96263->96262 96277 b23405 11 API calls 2 library calls 96263->96277 96266 b25071 96266->96255 96267->96249 96268->96253 96269->96253 96276 b24c8a __FrameHandler3::FrameUnwindToState 96270->96276 96271 b24cca 96285 b1f2d9 20 API calls __dosmaperr 96271->96285 96272 b24cb5 RtlAllocateHeap 96274 b24cc8 96272->96274 96272->96276 96274->96263 96276->96271 96276->96272 96284 b14ead 7 API calls 2 library calls 96276->96284 96277->96263 96279 b229d3 RtlFreeHeap 96278->96279 96283 b229fc __dosmaperr 96278->96283 96280 b229e8 96279->96280 96279->96283 96286 b1f2d9 20 API calls __dosmaperr 96280->96286 96282 b229ee GetLastError 96282->96283 96283->96266 96284->96276 96285->96274 96286->96282 96287->96241 96289 b12357 96288->96289 96289->96200 96289->96289 96291 b14bdb __FrameHandler3::FrameUnwindToState 96290->96291 96292 b14be2 96291->96292 96293 b14bf4 96291->96293 96329 b14d29 GetModuleHandleW 96292->96329 96314 b22f5e EnterCriticalSection 96293->96314 96296 b14be7 96296->96293 96330 b14d6d GetModuleHandleExW 96296->96330 96300 b14bfb 96310 b14c99 96300->96310 96312 b14c70 96300->96312 96315 b221a8 96300->96315 96302 b14ce2 96338 b31d29 5 API calls CatchGuardHandler 96302->96338 96303 b14cb6 96321 b14ce8 96303->96321 96304 b14c88 96305 b22421 _abort 5 API calls 96304->96305 96305->96310 96309 b22421 _abort 5 API calls 96309->96304 96318 b14cd9 96310->96318 96312->96304 96312->96309 96314->96300 96339 b21ee1 96315->96339 96358 b22fa6 LeaveCriticalSection 96318->96358 96320 b14cb2 96320->96302 
96320->96303 96359 b2360c 96321->96359 96324 b14d16 96327 b14d6d _abort 8 API calls 96324->96327 96325 b14cf6 GetPEB 96325->96324 96326 b14d06 GetCurrentProcess TerminateProcess 96325->96326 96326->96324 96328 b14d1e ExitProcess 96327->96328 96329->96296 96331 b14d97 GetProcAddress 96330->96331 96332 b14dba 96330->96332 96335 b14dac 96331->96335 96333 b14dc0 FreeLibrary 96332->96333 96334 b14dc9 96332->96334 96333->96334 96336 b10a8c CatchGuardHandler 5 API calls 96334->96336 96335->96332 96337 b14bf3 96336->96337 96337->96293 96342 b21e90 96339->96342 96341 b21f05 96341->96312 96343 b21e9c __FrameHandler3::FrameUnwindToState 96342->96343 96350 b22f5e EnterCriticalSection 96343->96350 96345 b21eaa 96351 b21f31 96345->96351 96349 b21ec8 __wsopen_s 96349->96341 96350->96345 96354 b21f59 96351->96354 96355 b21f51 96351->96355 96352 b10a8c CatchGuardHandler 5 API calls 96353 b21eb7 96352->96353 96357 b21ed5 LeaveCriticalSection _abort 96353->96357 96354->96355 96356 b229c8 _free 20 API calls 96354->96356 96355->96352 96356->96355 96357->96349 96358->96320 96360 b23631 96359->96360 96361 b23627 96359->96361 96366 b22fd7 5 API calls 2 library calls 96360->96366 96363 b10a8c CatchGuardHandler 5 API calls 96361->96363 96364 b14cf2 96363->96364 96364->96324 96364->96325 96365 b23648 96365->96361 96366->96365 96367 af2de3 96368 af2df0 __wsopen_s 96367->96368 96369 af2e09 96368->96369 96370 b32c2b ___scrt_fastfail 96368->96370 96383 af3aa2 96369->96383 96372 b32c47 GetOpenFileNameW 96370->96372 96374 b32c96 96372->96374 96376 af6b57 22 API calls 96374->96376 96378 b32cab 96376->96378 96378->96378 96380 af2e27 96411 af44a8 96380->96411 96441 b31f50 96383->96441 96386 af3ace 96388 af6b57 22 API calls 96386->96388 96387 af3ae9 96447 afa6c3 96387->96447 96390 af3ada 96388->96390 96443 af37a0 96390->96443 96393 af2da5 96394 b31f50 __wsopen_s 96393->96394 96395 af2db2 GetLongPathNameW 96394->96395 96396 af6b57 22 API calls 96395->96396 96397 af2dda 96396->96397 96398 af3598 
96397->96398 96399 afa961 22 API calls 96398->96399 96400 af35aa 96399->96400 96401 af3aa2 23 API calls 96400->96401 96402 af35b5 96401->96402 96403 b332eb 96402->96403 96404 af35c0 96402->96404 96408 b3330d 96403->96408 96465 b0ce60 41 API calls 96403->96465 96453 af515f 96404->96453 96410 af35df 96410->96380 96466 af4ecb 96411->96466 96413 b33833 96488 b62cf9 96413->96488 96415 af4ecb 94 API calls 96417 af44e1 96415->96417 96417->96413 96421 af44e9 96417->96421 96418 b33848 96419 b33869 96418->96419 96420 b3384c 96418->96420 96423 b0fe0b 22 API calls 96419->96423 96529 af4f39 96420->96529 96424 b33854 96421->96424 96425 af44f5 96421->96425 96440 b338ae 96423->96440 96535 b5da5a 82 API calls 96424->96535 96528 af940c 136 API calls 2 library calls 96425->96528 96428 b33862 96428->96419 96429 af2e31 96430 b33a5f 96435 b33a67 96430->96435 96431 af4f39 68 API calls 96431->96435 96435->96431 96539 b5989b 82 API calls __wsopen_s 96435->96539 96437 af9cb3 22 API calls 96437->96440 96440->96430 96440->96435 96440->96437 96514 afa4a1 96440->96514 96522 af3ff7 96440->96522 96536 b5967e 22 API calls __fread_nolock 96440->96536 96537 b595ad 42 API calls _wcslen 96440->96537 96538 b60b5a 22 API calls 96440->96538 96442 af3aaf GetFullPathNameW 96441->96442 96442->96386 96442->96387 96444 af37ae 96443->96444 96445 af93b2 22 API calls 96444->96445 96446 af2e12 96445->96446 96446->96393 96448 afa6dd 96447->96448 96449 afa6d0 96447->96449 96450 b0fddb 22 API calls 96448->96450 96449->96390 96451 afa6e7 96450->96451 96452 b0fe0b 22 API calls 96451->96452 96452->96449 96454 af516e 96453->96454 96458 af518f __fread_nolock 96453->96458 96457 b0fe0b 22 API calls 96454->96457 96455 b0fddb 22 API calls 96456 af35cc 96455->96456 96459 af35f3 96456->96459 96457->96458 96458->96455 96460 af3605 96459->96460 96464 af3624 __fread_nolock 96459->96464 96463 b0fe0b 22 API calls 96460->96463 96461 b0fddb 22 API calls 96462 af363b 96461->96462 96462->96410 96463->96464 96464->96461 96465->96403 
96540 af4e90 LoadLibraryA 96466->96540 96471 af4ef6 LoadLibraryExW 96548 af4e59 LoadLibraryA 96471->96548 96472 b33ccf 96474 af4f39 68 API calls 96472->96474 96476 b33cd6 96474->96476 96478 af4e59 3 API calls 96476->96478 96479 b33cde 96478->96479 96570 af50f5 96479->96570 96480 af4f20 96480->96479 96481 af4f2c 96480->96481 96483 af4f39 68 API calls 96481->96483 96485 af44cd 96483->96485 96485->96413 96485->96415 96487 b33d05 96489 b62d15 96488->96489 96490 af511f 64 API calls 96489->96490 96491 b62d29 96490->96491 96704 b62e66 96491->96704 96494 af50f5 40 API calls 96495 b62d56 96494->96495 96496 af50f5 40 API calls 96495->96496 96497 b62d66 96496->96497 96498 af50f5 40 API calls 96497->96498 96499 b62d81 96498->96499 96500 af50f5 40 API calls 96499->96500 96501 b62d9c 96500->96501 96502 af511f 64 API calls 96501->96502 96503 b62db3 96502->96503 96504 b1ea0c ___std_exception_copy 21 API calls 96503->96504 96505 b62dba 96504->96505 96506 b1ea0c ___std_exception_copy 21 API calls 96505->96506 96507 b62dc4 96506->96507 96508 af50f5 40 API calls 96507->96508 96509 b62dd8 96508->96509 96510 b628fe 27 API calls 96509->96510 96512 b62dee 96510->96512 96511 b62d3f 96511->96418 96512->96511 96710 b622ce 79 API calls 96512->96710 96515 afa52b 96514->96515 96519 afa4b1 __fread_nolock 96514->96519 96518 b0fe0b 22 API calls 96515->96518 96516 b0fddb 22 API calls 96517 afa4b8 96516->96517 96520 b0fddb 22 API calls 96517->96520 96521 afa4d6 96517->96521 96518->96519 96519->96516 96520->96521 96521->96440 96523 af400a 96522->96523 96526 af40ae 96522->96526 96525 b0fe0b 22 API calls 96523->96525 96527 af403c 96523->96527 96524 b0fddb 22 API calls 96524->96527 96525->96527 96526->96440 96527->96524 96527->96526 96528->96429 96530 af4f43 96529->96530 96532 af4f4a 96529->96532 96711 b1e678 96530->96711 96533 af4f6a FreeLibrary 96532->96533 96534 af4f59 96532->96534 96533->96534 96534->96424 96535->96428 96536->96440 96537->96440 96538->96440 96539->96435 96541 af4ea8 GetProcAddress 
96540->96541 96542 af4ec6 96540->96542 96543 af4eb8 96541->96543 96545 b1e5eb 96542->96545 96543->96542 96544 af4ebf FreeLibrary 96543->96544 96544->96542 96578 b1e52a 96545->96578 96547 af4eea 96547->96471 96547->96472 96549 af4e6e GetProcAddress 96548->96549 96550 af4e8d 96548->96550 96551 af4e7e 96549->96551 96553 af4f80 96550->96553 96551->96550 96552 af4e86 FreeLibrary 96551->96552 96552->96550 96554 b0fe0b 22 API calls 96553->96554 96555 af4f95 96554->96555 96630 af5722 96555->96630 96557 af4fa1 __fread_nolock 96558 af50a5 96557->96558 96559 b33d1d 96557->96559 96569 af4fdc 96557->96569 96633 af42a2 CreateStreamOnHGlobal 96558->96633 96644 b6304d 74 API calls 96559->96644 96562 b33d22 96564 af511f 64 API calls 96562->96564 96563 af50f5 40 API calls 96563->96569 96565 b33d45 96564->96565 96566 af50f5 40 API calls 96565->96566 96567 af506e ISource 96566->96567 96567->96480 96569->96562 96569->96563 96569->96567 96639 af511f 96569->96639 96571 b33d70 96570->96571 96572 af5107 96570->96572 96666 b1e8c4 96572->96666 96575 b628fe 96687 b6274e 96575->96687 96577 b62919 96577->96487 96580 b1e536 __FrameHandler3::FrameUnwindToState 96578->96580 96579 b1e544 96603 b1f2d9 20 API calls __dosmaperr 96579->96603 96580->96579 96582 b1e574 96580->96582 96585 b1e586 96582->96585 96586 b1e579 96582->96586 96583 b1e549 96604 b227ec 26 API calls __wsopen_s 96583->96604 96595 b28061 96585->96595 96605 b1f2d9 20 API calls __dosmaperr 96586->96605 96589 b1e554 __wsopen_s 96589->96547 96590 b1e58f 96591 b1e5a2 96590->96591 96592 b1e595 96590->96592 96607 b1e5d4 LeaveCriticalSection __fread_nolock 96591->96607 96606 b1f2d9 20 API calls __dosmaperr 96592->96606 96596 b2806d __FrameHandler3::FrameUnwindToState 96595->96596 96608 b22f5e EnterCriticalSection 96596->96608 96598 b2807b 96609 b280fb 96598->96609 96602 b280ac __wsopen_s 96602->96590 96603->96583 96604->96589 96605->96589 96606->96589 96607->96589 96608->96598 96616 b2811e 96609->96616 96610 b28177 96611 b24c7d 
__FrameHandler3::FrameUnwindToState 20 API calls 96610->96611 96612 b28180 96611->96612 96614 b229c8 _free 20 API calls 96612->96614 96615 b28189 96614->96615 96618 b28088 96615->96618 96627 b23405 11 API calls 2 library calls 96615->96627 96616->96610 96616->96616 96616->96618 96625 b1918d EnterCriticalSection 96616->96625 96626 b191a1 LeaveCriticalSection 96616->96626 96622 b280b7 96618->96622 96619 b281a8 96628 b1918d EnterCriticalSection 96619->96628 96629 b22fa6 LeaveCriticalSection 96622->96629 96624 b280be 96624->96602 96625->96616 96626->96616 96627->96619 96628->96618 96629->96624 96631 b0fddb 22 API calls 96630->96631 96632 af5734 96631->96632 96632->96557 96634 af42bc FindResourceExW 96633->96634 96635 af42d9 96633->96635 96634->96635 96636 b335ba LoadResource 96634->96636 96635->96569 96636->96635 96637 b335cf SizeofResource 96636->96637 96637->96635 96638 b335e3 LockResource 96637->96638 96638->96635 96640 af512e 96639->96640 96643 b33d90 96639->96643 96645 b1ece3 96640->96645 96644->96562 96648 b1eaaa 96645->96648 96647 af513c 96647->96569 96652 b1eab6 __FrameHandler3::FrameUnwindToState 96648->96652 96649 b1eac2 96661 b1f2d9 20 API calls __dosmaperr 96649->96661 96651 b1eae8 96663 b1918d EnterCriticalSection 96651->96663 96652->96649 96652->96651 96653 b1eac7 96662 b227ec 26 API calls __wsopen_s 96653->96662 96656 b1eaf4 96664 b1ec0a 62 API calls 2 library calls 96656->96664 96658 b1eb08 96665 b1eb27 LeaveCriticalSection __fread_nolock 96658->96665 96660 b1ead2 __wsopen_s 96660->96647 96661->96653 96662->96660 96663->96656 96664->96658 96665->96660 96669 b1e8e1 96666->96669 96668 af5118 96668->96575 96670 b1e8ed __FrameHandler3::FrameUnwindToState 96669->96670 96671 b1e900 ___scrt_fastfail 96670->96671 96672 b1e92d 96670->96672 96673 b1e925 __wsopen_s 96670->96673 96682 b1f2d9 20 API calls __dosmaperr 96671->96682 96684 b1918d EnterCriticalSection 96672->96684 96673->96668 96676 b1e937 96685 b1e6f8 38 API calls 4 library calls 96676->96685 96677 
b1e91a 96683 b227ec 26 API calls __wsopen_s 96677->96683 96680 b1e94e 96686 b1e96c LeaveCriticalSection __fread_nolock 96680->96686 96682->96677 96683->96673 96684->96676 96685->96680 96686->96673 96690 b1e4e8 96687->96690 96689 b6275d 96689->96577 96693 b1e469 96690->96693 96692 b1e505 96692->96689 96694 b1e478 96693->96694 96695 b1e48c 96693->96695 96701 b1f2d9 20 API calls __dosmaperr 96694->96701 96700 b1e488 __alldvrm 96695->96700 96703 b2333f 11 API calls 2 library calls 96695->96703 96697 b1e47d 96702 b227ec 26 API calls __wsopen_s 96697->96702 96700->96692 96701->96697 96702->96700 96703->96700 96706 b62e7a 96704->96706 96705 af50f5 40 API calls 96705->96706 96706->96705 96707 b628fe 27 API calls 96706->96707 96708 b62d3b 96706->96708 96709 af511f 64 API calls 96706->96709 96707->96706 96708->96494 96708->96511 96709->96706 96710->96511 96712 b1e684 __FrameHandler3::FrameUnwindToState 96711->96712 96713 b1e695 96712->96713 96714 b1e6aa 96712->96714 96724 b1f2d9 20 API calls __dosmaperr 96713->96724 96715 b1e6a5 __wsopen_s 96714->96715 96726 b1918d EnterCriticalSection 96714->96726 96715->96532 96718 b1e69a 96725 b227ec 26 API calls __wsopen_s 96718->96725 96719 b1e6c6 96727 b1e602 96719->96727 96722 b1e6d1 96743 b1e6ee LeaveCriticalSection __fread_nolock 96722->96743 96724->96718 96725->96715 96726->96719 96728 b1e624 96727->96728 96729 b1e60f 96727->96729 96734 b1e61f 96728->96734 96746 b1dc0b 96728->96746 96744 b1f2d9 20 API calls __dosmaperr 96729->96744 96731 b1e614 96745 b227ec 26 API calls __wsopen_s 96731->96745 96734->96722 96739 b1e646 96763 b2862f 96739->96763 96742 b229c8 _free 20 API calls 96742->96734 96743->96715 96744->96731 96745->96734 96747 b1dc1f 96746->96747 96748 b1dc23 96746->96748 96752 b24d7a 96747->96752 96748->96747 96749 b1d955 __fread_nolock 26 API calls 96748->96749 96750 b1dc43 96749->96750 96778 b259be 62 API calls 3 library calls 96750->96778 96753 b24d90 96752->96753 96755 b1e640 96752->96755 96754 b229c8 _free 20 API calls 
96753->96754 96753->96755 96754->96755 96756 b1d955 96755->96756 96757 b1d961 96756->96757 96758 b1d976 96756->96758 96779 b1f2d9 20 API calls __dosmaperr 96757->96779 96758->96739 96760 b1d966 96780 b227ec 26 API calls __wsopen_s 96760->96780 96762 b1d971 96762->96739 96764 b28653 96763->96764 96765 b2863e 96763->96765 96767 b2868e 96764->96767 96771 b2867a 96764->96771 96781 b1f2c6 20 API calls __dosmaperr 96765->96781 96786 b1f2c6 20 API calls __dosmaperr 96767->96786 96768 b28643 96782 b1f2d9 20 API calls __dosmaperr 96768->96782 96783 b28607 96771->96783 96772 b28693 96787 b1f2d9 20 API calls __dosmaperr 96772->96787 96775 b2869b 96788 b227ec 26 API calls __wsopen_s 96775->96788 96776 b1e64c 96776->96734 96776->96742 96778->96747 96779->96760 96780->96762 96781->96768 96782->96776 96789 b28585 96783->96789 96785 b2862b 96785->96776 96786->96772 96787->96775 96788->96776 96790 b28591 __FrameHandler3::FrameUnwindToState 96789->96790 96800 b25147 EnterCriticalSection 96790->96800 96792 b2859f 96793 b285d1 96792->96793 96794 b285c6 96792->96794 96816 b1f2d9 20 API calls __dosmaperr 96793->96816 96801 b286ae 96794->96801 96797 b285cc 96817 b285fb LeaveCriticalSection __wsopen_s 96797->96817 96799 b285ee __wsopen_s 96799->96785 96800->96792 96818 b253c4 96801->96818 96803 b286c4 96831 b25333 21 API calls 2 library calls 96803->96831 96805 b286be 96805->96803 96807 b253c4 __wsopen_s 26 API calls 96805->96807 96815 b286f6 96805->96815 96806 b253c4 __wsopen_s 26 API calls 96808 b28702 CloseHandle 96806->96808 96811 b286ed 96807->96811 96808->96803 96813 b2870e GetLastError 96808->96813 96809 b2873e 96809->96797 96810 b2871c 96810->96809 96832 b1f2a3 20 API calls __dosmaperr 96810->96832 96812 b253c4 __wsopen_s 26 API calls 96811->96812 96812->96815 96813->96803 96815->96803 96815->96806 96816->96797 96817->96799 96819 b253d1 96818->96819 96822 b253e6 96818->96822 96833 b1f2c6 20 API calls __dosmaperr 96819->96833 96821 b253d6 96834 b1f2d9 20 API calls __dosmaperr 
96821->96834 96825 b2540b 96822->96825 96835 b1f2c6 20 API calls __dosmaperr 96822->96835 96825->96805 96826 b25416 96836 b1f2d9 20 API calls __dosmaperr 96826->96836 96827 b253de 96827->96805 96829 b2541e 96837 b227ec 26 API calls __wsopen_s 96829->96837 96831->96810 96832->96809 96833->96821 96834->96827 96835->96826 96836->96829 96837->96827 96838 b4d27a GetUserNameW 96839 b4d292 96838->96839 96839->96839 96840 afdefc 96843 af1d6f 96840->96843 96842 afdf07 96844 af1d8c 96843->96844 96852 af1f6f 96844->96852 96846 af1da6 96847 b32759 96846->96847 96849 af1e36 96846->96849 96850 af1dc2 96846->96850 96856 b6359c 82 API calls __wsopen_s 96847->96856 96849->96842 96850->96849 96855 af289a 23 API calls 96850->96855 96853 afec40 348 API calls 96852->96853 96854 af1f98 96853->96854 96854->96846 96855->96849 96856->96849 96857 b4d3a0 96858 b4d3ab 96857->96858 96861 b4d292 96857->96861 96859 b4d3c9 96858->96859 96860 b4d3b9 GetProcAddress 96858->96860 96859->96861 96862 b4d3e4 FreeLibrary 96859->96862 96860->96859 96861->96861 96862->96861 96863 b32ba5 96864 af2b25 96863->96864 96865 b32baf 96863->96865 96891 af2b83 7 API calls 96864->96891 96909 af3a5a 96865->96909 96868 b32bb8 96870 af9cb3 22 API calls 96868->96870 96873 b32bc6 96870->96873 96872 af2b2f 96880 af2b44 96872->96880 96895 af3837 96872->96895 96874 b32bf5 96873->96874 96875 b32bce 96873->96875 96878 af33c6 22 API calls 96874->96878 96916 af33c6 96875->96916 96889 b32bf1 GetForegroundWindow ShellExecuteW 96878->96889 96885 af2b5f 96880->96885 96905 af30f2 96880->96905 96884 b32be7 96887 af33c6 22 API calls 96884->96887 96888 af2b66 SetCurrentDirectoryW 96885->96888 96886 b32c26 96886->96885 96887->96889 96890 af2b7a 96888->96890 96889->96886 96926 af2cd4 7 API calls 96891->96926 96893 af2b2a 96894 af2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 96893->96894 96894->96872 96896 af3862 ___scrt_fastfail 96895->96896 96927 af4212 96896->96927 96900 b33386 Shell_NotifyIconW 96901 af3906 
Shell_NotifyIconW 96931 af3923 96901->96931 96902 af38e8 96902->96900 96902->96901 96904 af391c 96904->96880 96906 af3154 96905->96906 96907 af3104 ___scrt_fastfail 96905->96907 96906->96885 96908 af3123 Shell_NotifyIconW 96907->96908 96908->96906 96910 b31f50 __wsopen_s 96909->96910 96911 af3a67 GetModuleFileNameW 96910->96911 96912 af9cb3 22 API calls 96911->96912 96913 af3a8d 96912->96913 96914 af3aa2 23 API calls 96913->96914 96915 af3a97 96914->96915 96915->96868 96917 af33dd 96916->96917 96918 b330bb 96916->96918 96962 af33ee 96917->96962 96919 b0fddb 22 API calls 96918->96919 96922 b330c5 _wcslen 96919->96922 96921 af33e8 96925 af6350 22 API calls 96921->96925 96923 b0fe0b 22 API calls 96922->96923 96924 b330fe __fread_nolock 96923->96924 96925->96884 96926->96893 96928 b335a4 96927->96928 96929 af38b7 96927->96929 96928->96929 96930 b335ad DestroyIcon 96928->96930 96929->96902 96953 b5c874 42 API calls _strftime 96929->96953 96930->96929 96932 af393f 96931->96932 96933 af3a13 96931->96933 96954 af6270 96932->96954 96933->96904 96936 b33393 LoadStringW 96940 b333ad 96936->96940 96937 af395a 96938 af6b57 22 API calls 96937->96938 96939 af396f 96938->96939 96941 af397c 96939->96941 96942 b333c9 96939->96942 96948 af3994 ___scrt_fastfail 96940->96948 96960 afa8c7 22 API calls __fread_nolock 96940->96960 96941->96940 96944 af3986 96941->96944 96961 af6350 22 API calls 96942->96961 96959 af6350 22 API calls 96944->96959 96947 b333d7 96947->96948 96949 af33c6 22 API calls 96947->96949 96950 af39f9 Shell_NotifyIconW 96948->96950 96951 b333f9 96949->96951 96950->96933 96952 af33c6 22 API calls 96951->96952 96952->96948 96953->96902 96955 b0fe0b 22 API calls 96954->96955 96956 af6295 96955->96956 96957 b0fddb 22 API calls 96956->96957 96958 af394d 96957->96958 96958->96936 96958->96937 96959->96948 96960->96948 96961->96947 96963 af33fe _wcslen 96962->96963 96964 b3311d 96963->96964 96965 af3411 96963->96965 96967 b0fddb 22 API calls 96964->96967 96972 afa587 
96965->96972 96969 b33127 96967->96969 96968 af341e __fread_nolock 96968->96921 96970 b0fe0b 22 API calls 96969->96970 96971 b33157 __fread_nolock 96970->96971 96973 afa59d 96972->96973 96976 afa598 __fread_nolock 96972->96976 96974 b3f80f 96973->96974 96975 b0fe0b 22 API calls 96973->96975 96975->96976 96976->96968 96977 af2e37 96978 afa961 22 API calls 96977->96978 96979 af2e4d 96978->96979 97056 af4ae3 96979->97056 96981 af2e6b 96982 af3a5a 24 API calls 96981->96982 96983 af2e7f 96982->96983 96984 af9cb3 22 API calls 96983->96984 96985 af2e8c 96984->96985 96986 af4ecb 94 API calls 96985->96986 96987 af2ea5 96986->96987 96988 af2ead 96987->96988 96989 b32cb0 96987->96989 97070 afa8c7 22 API calls __fread_nolock 96988->97070 96990 b62cf9 80 API calls 96989->96990 96991 b32cc3 96990->96991 96992 b32ccf 96991->96992 96994 af4f39 68 API calls 96991->96994 96998 af4f39 68 API calls 96992->96998 96994->96992 96995 af2ec3 97071 af6f88 22 API calls 96995->97071 96997 af2ecf 96999 af9cb3 22 API calls 96997->96999 97000 b32ce5 96998->97000 97001 af2edc 96999->97001 97088 af3084 22 API calls 97000->97088 97072 afa81b 41 API calls 97001->97072 97004 af2eec 97006 af9cb3 22 API calls 97004->97006 97005 b32d02 97089 af3084 22 API calls 97005->97089 97008 af2f12 97006->97008 97073 afa81b 41 API calls 97008->97073 97009 b32d1e 97011 af3a5a 24 API calls 97009->97011 97012 b32d44 97011->97012 97090 af3084 22 API calls 97012->97090 97013 af2f21 97015 afa961 22 API calls 97013->97015 97017 af2f3f 97015->97017 97016 b32d50 97091 afa8c7 22 API calls __fread_nolock 97016->97091 97074 af3084 22 API calls 97017->97074 97020 b32d5e 97092 af3084 22 API calls 97020->97092 97021 af2f4b 97075 b14a28 40 API calls 3 library calls 97021->97075 97024 b32d6d 97093 afa8c7 22 API calls __fread_nolock 97024->97093 97025 af2f59 97025->97000 97026 af2f63 97025->97026 97076 b14a28 40 API calls 3 library calls 97026->97076 97029 b32d83 97094 af3084 22 API calls 97029->97094 97030 af2f6e 97030->97005 97032 
af2f78 97030->97032 97077 b14a28 40 API calls 3 library calls 97032->97077 97033 b32d90 97035 af2f83 97035->97009 97036 af2f8d 97035->97036 97078 b14a28 40 API calls 3 library calls 97036->97078 97038 af2f98 97039 af2fdc 97038->97039 97079 af3084 22 API calls 97038->97079 97039->97024 97040 af2fe8 97039->97040 97040->97033 97082 af63eb 22 API calls 97040->97082 97042 af2fbf 97080 afa8c7 22 API calls __fread_nolock 97042->97080 97045 af2ff8 97083 af6a50 22 API calls 97045->97083 97046 af2fcd 97081 af3084 22 API calls 97046->97081 97049 af3006 97084 af70b0 23 API calls 97049->97084 97053 af3021 97054 af3065 97053->97054 97085 af6f88 22 API calls 97053->97085 97086 af70b0 23 API calls 97053->97086 97087 af3084 22 API calls 97053->97087 97057 af4af0 __wsopen_s 97056->97057 97058 af6b57 22 API calls 97057->97058 97059 af4b22 97057->97059 97058->97059 97066 af4b58 97059->97066 97095 af4c6d 97059->97095 97061 af9cb3 22 API calls 97063 af4c52 97061->97063 97062 af9cb3 22 API calls 97062->97066 97065 af515f 22 API calls 97063->97065 97064 af4c6d 22 API calls 97064->97066 97068 af4c5e 97065->97068 97066->97062 97066->97064 97067 af515f 22 API calls 97066->97067 97069 af4c29 97066->97069 97067->97066 97068->96981 97069->97061 97069->97068 97070->96995 97071->96997 97072->97004 97073->97013 97074->97021 97075->97025 97076->97030 97077->97035 97078->97038 97079->97042 97080->97046 97081->97039 97082->97045 97083->97049 97084->97053 97085->97053 97086->97053 97087->97053 97088->97005 97089->97009 97090->97016 97091->97020 97092->97024 97093->97029 97094->97033 97096 afaec9 22 API calls 97095->97096 97097 af4c78 97096->97097 97097->97059 97098 af1033 97103 af4c91 97098->97103 97102 af1042 97104 afa961 22 API calls 97103->97104 97105 af4cff 97104->97105 97111 af3af0 97105->97111 97107 af4d9c 97109 af1038 97107->97109 97114 af51f7 22 API calls __fread_nolock 97107->97114 97110 b100a3 29 API calls __onexit 97109->97110 97110->97102 97115 af3b1c 97111->97115 97114->97107 97116 af3b29 
[Control-flow graph: edge list of basic-block nodes (addresses af1044 through b5c276, annotated with the API calls made in each block); the graph rendering itself is not reproduced here.]

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 392 af42de-af434d call afa961 GetVersionExW call af6b57 397 b33617-b3362a 392->397 398 af4353 392->398 399 b3362b-b3362f 397->399 400 af4355-af4357 398->400 401 b33632-b3363e 399->401 402 b33631 399->402 403 af435d-af43bc call af93b2 call af37a0 400->403 404 b33656 400->404 401->399 405 b33640-b33642 401->405 402->401 421 b337df-b337e6 403->421 422 af43c2-af43c4 403->422 408 b3365d-b33660 404->408 405->400 407 b33648-b3364f 405->407 407->397 410 b33651 407->410 411 af441b-af4435 GetCurrentProcess IsWow64Process 408->411 412 b33666-b336a8 408->412 410->404 414 af4437 411->414 415 af4494-af449a 411->415 412->411 416 b336ae-b336b1 412->416 418 af443d-af4449 414->418 415->418 419 b336b3-b336bd 416->419 420 b336db-b336e5 416->420 428 af444f-af445e LoadLibraryA 418->428 429 b33824-b33828 GetSystemInfo 418->429 430 b336ca-b336d6 419->430 431 b336bf-b336c5 419->431 424 b336e7-b336f3 420->424 425 b336f8-b33702 420->425 426 b33806-b33809 421->426 427 b337e8 421->427 422->408 423 af43ca-af43dd 422->423 432 b33726-b3372f 423->432 433 af43e3-af43e5 423->433 424->411 435 b33715-b33721 425->435 436 b33704-b33710 425->436 437 b337f4-b337fc 426->437 438 b3380b-b3381a 426->438 434 b337ee 427->434 439 af449c-af44a6 GetSystemInfo 428->439 440 af4460-af446e GetProcAddress 428->440 430->411 431->411 444 b33731-b33737 432->444 445 b3373c-b33748 432->445 442 af43eb-af43ee 433->442 443 b3374d-b33762 433->443 434->437 435->411 436->411 437->426 438->434 446 b3381c-b33822 438->446 441 af4476-af4478 439->441 440->439 447 af4470-af4474 GetNativeSystemInfo 440->447 452 af447a-af447b FreeLibrary 441->452 453 af4481-af4493 441->453 448 b33791-b33794 442->448 449 af43f4-af440f 442->449 450 b33764-b3376a 443->450 451 b3376f-b3377b 443->451 444->411 445->411 446->437 447->441 448->411 456 b3379a-b337c1 448->456 454 b33780-b3378c 449->454 455 af4415 449->455 450->411 451->411 452->453 454->411 455->411 457 b337c3-b337c9 456->457 458 b337ce-b337da 456->458 457->411 458->411
APIs
• GetVersionExW.KERNEL32(?), ref: 00AF430D
  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
• GetCurrentProcess.KERNEL32(?,00B8CB64,00000000,?,?), ref: 00AF4422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00AF4429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00AF4454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AF4466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00AF4474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 00AF447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 00AF44A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 492287be3fa166c7644b2843276b1b9773a33f6e5310df7387e516abc4f58158
• Instruction ID: abb0ea79bba9654e9475d746df4376f99afbd35f0c47b40ac9b5800a12774f30
• Opcode Fuzzy Hash: 492287be3fa166c7644b2843276b1b9773a33f6e5310df7387e516abc4f58158
• Instruction Fuzzy Hash: 99A1957191A2C4EFC712D7AD7C559A63FE46BEF708B145D99E081B3A23DA304904CB29

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 820 af42a2-af42ba CreateStreamOnHGlobal 821 af42bc-af42d3 FindResourceExW 820->821 822 af42da-af42dd 820->822 823 af42d9 821->823 824 b335ba-b335c9 LoadResource 821->824 823->822 824->823 825 b335cf-b335dd SizeofResource 824->825 825->823 826 b335e3-b335ee LockResource 825->826 826->823 827 b335f4-b33612 826->827 827->823
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00AF50AA,?,?,00000000,00000000), ref: 00AF42B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00AF50AA,?,?,00000000,00000000), ref: 00AF42C9
                                                                                                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,00AF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AF4F20), ref: 00B335BE
                                                                                                                                                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(?,00000000,?,?,00AF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AF4F20), ref: 00B335D3
                                                                                                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(00AF50AA,?,?,00AF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AF4F20,?), ref: 00B335E6
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SCRIPT
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3051347437-3967369404
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 29fca9c8bc01bcc175ed22f3bd4c23dec0f420a14a2237b44306dc276ff09513
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f6ae3d33a620e0016b62451247bd499681625f1d00c2e47f779759e68814cd05
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29fca9c8bc01bcc175ed22f3bd4c23dec0f420a14a2237b44306dc276ff09513
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 93113CB1200B05BFD7218FA5DC49F677FB9EBC9B51F244169B502966A0DB71D800CB70
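The API chain above looks up a resource of type 0xA (RT_RCDATA) named SCRIPT, then loads, sizes and locks it; in the graph every block after an API call also has an edge to block 823, which reads as the shared failure exit. This is how a compiled AutoIt executable locates its embedded script, so the practical next step is to carve that resource from the file without running it. The following Python is an added example, not part of the Joe Sandbox report or of the sample: a standard-library walker that performs the same type/name/language lookup over a PE .rsrc section. `rsrc_section`, `find_resource` and `build_rsrc` are names chosen here, and `build_rsrc` produces constructed test input rather than anything taken from rpDOUhuBC5.exe.

```python
"""Offline counterpart of FindResourceExW(hModule, 0xA, L"SCRIPT", 0) followed by
LoadResource/SizeofResource/LockResource: locate and carve an RT_RCDATA resource
from a PE file's .rsrc section. Added example, standard library only."""
import struct

RT_RCDATA = 10  # resource type 0xA, as passed to FindResourceExW


def rsrc_section(pe: bytes):
    """Return (raw .rsrc bytes, section RVA) from an on-disk PE image."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    (n_sections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    sec_off = e_lfanew + 24 + opt_size  # first IMAGE_SECTION_HEADER
    for i in range(n_sections):
        name, _vsize, rva, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, sec_off + 40 * i)
        if name.rstrip(b"\0") == b".rsrc":
            return pe[raw_ptr:raw_ptr + raw_size], rva
    raise ValueError("no .rsrc section")


def _dir_string(rsrc: bytes, off: int) -> str:
    """IMAGE_RESOURCE_DIR_STRING_U: WORD length followed by UTF-16LE code units."""
    (length,) = struct.unpack_from("<H", rsrc, off)
    return rsrc[off + 2:off + 2 + 2 * length].decode("utf-16-le")


def _entries(rsrc: bytes, dir_off: int):
    """Yield (name or id, target offset, is_subdirectory) for one IMAGE_RESOURCE_DIRECTORY."""
    n_named, n_id = struct.unpack_from("<HH", rsrc, dir_off + 12)
    for i in range(n_named + n_id):
        name_f, data_f = struct.unpack_from("<II", rsrc, dir_off + 16 + 8 * i)
        key = _dir_string(rsrc, name_f & 0x7FFFFFFF) if name_f & 0x80000000 else name_f
        yield key, data_f & 0x7FFFFFFF, bool(data_f & 0x80000000)


def find_resource(rsrc: bytes, rsrc_rva: int, res_type, res_name, lang=None):
    """Walk type -> name -> language and return the resource bytes, or None.
    Names compare case-insensitively as the Win32 loader does; lang=None takes the
    first language entry, so the language ID the resource was built with does not matter."""
    def same(key, want):
        if isinstance(key, str) and isinstance(want, str):
            return key.casefold() == want.casefold()
        return key == want

    def walk(dir_off, wants):
        for key, off, is_dir in _entries(rsrc, dir_off):
            if wants and not same(key, wants[0]):
                continue
            if is_dir:
                hit = walk(off, wants[1:])
                if hit is not None:
                    return hit
                continue
            # IMAGE_RESOURCE_DATA_ENTRY: OffsetToData is an RVA, not a section offset
            data_rva, size = struct.unpack_from("<II", rsrc, off)
            start = data_rva - rsrc_rva
            if start < 0 or start + size > len(rsrc):
                raise ValueError("resource data lies outside the .rsrc section")
            return rsrc[start:start + size]
        return None

    wants = [res_type, res_name] + ([] if lang is None else [lang])
    return walk(0, wants)


def build_rsrc(rsrc_rva: int, res_type: int, name: str, lang: int, payload: bytes) -> bytes:
    """Constructed test input: a minimal .rsrc holding one type/name/language chain."""
    def directory(entry_id, entry_off, subdir, named=False):
        hdr = struct.pack("<IIHHHH", 0, 0, 0, 0, int(named), int(not named))
        return hdr + struct.pack("<II", entry_id, entry_off | (0x80000000 if subdir else 0))

    name_blob = struct.pack("<H", len(name)) + name.encode("utf-16-le")
    str_off = 3 * 24 + 16                                    # three directories, one data entry
    payload_off = (str_off + len(name_blob) + 3) & ~3
    blob = directory(res_type, 24, True)                     # type     -> name directory
    blob += directory(0x80000000 | str_off, 48, True, True)  # name     -> language directory
    blob += directory(lang, 72, False)                       # language -> data entry
    blob += struct.pack("<IIII", rsrc_rva + payload_off, len(payload), 0, 0)
    blob += name_blob
    return blob + b"\0" * (payload_off - len(blob)) + payload


if __name__ == "__main__":
    import sys
    raw, rva = rsrc_section(open(sys.argv[1], "rb").read())
    script = find_resource(raw, rva, RT_RCDATA, "SCRIPT")
    print("no SCRIPT resource" if script is None else f"SCRIPT resource: {len(script)} bytes")
```

Run against a PE file, the script reports whether a SCRIPT RCDATA resource exists and how large it is; the bytes `find_resource` returns are what the sample would have obtained from LockResource and can be written out for further analysis. The bounds check on the data entry matters on real files: a resource whose RVA points outside .rsrc is either a packed or tampered image, and should be flagged rather than silently truncated.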

Control-flow Graph
APIs
• SetCurrentDirectoryW.KERNEL32(?), ref: 00AF2B6B
  • Part of subcall function 00AF3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00BC1418,?,00AF2E7F,?,?,?,00000000), ref: 00AF3A78
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• GetForegroundWindow.USER32(runas,?,?,?,?,?,00BB2224), ref: 00B32C10
• ShellExecuteW.SHELL32(00000000,?,?,00BB2224), ref: 00B32C17
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
• String ID: runas
• API String ID: 448630720-4000483414
• Opcode ID: 04d7448fbe968582df5512be809b8bd988158e0223d7b20f777c57ca559096b6
• Instruction ID: 7218c2c4559847de0bddb94b83724e39ebd77984443a97b9d7dd23597db756ca
• Opcode Fuzzy Hash: 04d7448fbe968582df5512be809b8bd988158e0223d7b20f777c57ca559096b6
• Instruction Fuzzy Hash: 4211D2321083096ACB15FFA4D952EBEBBE49B91340F04086DF682170A3DF71890AD752
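The chain above resolves the running module's own path (GetModuleFileNameW), takes the foreground window as the owner for the prompt, and calls ShellExecuteW with the runas verb, which asks UAC to start the target elevated. In process-creation telemetry a successful relaunch appears as a child running the same image as its parent at a higher integrity level. What follows is an added example, not part of the Joe Sandbox report: a Python hunting check over constructed Sysmon-style Event ID 1 records. The field names, pids and paths are invented for the example, and it assumes the elevated child is recorded with the requesting process as its parent, which is how a UAC-launched process normally shows up.

```python
"""Hunt for a process that relaunches its own image at a higher integrity level,
the footprint of ShellExecuteW(hwnd, L"runas", <own path>, ...) self-elevation.
Added example over constructed Sysmon-style process-creation records."""
import json

# Constructed sample telemetry (Sysmon Event ID 1 fields, trimmed); not from the report.
# Record 3 is the shape of interest: same image as its parent, Medium -> High.
# Records 4 and 5 are a browser and its sandboxed child (same image, Medium -> Low).
SAMPLE_EVENTS = r"""
{"pid": 4120, "ppid": 3880, "image": "C:\\Windows\\explorer.exe", "integrity": "Medium"}
{"pid": 5612, "ppid": 4120, "image": "C:\\Users\\user\\Desktop\\rpDOUhuBC5.exe", "integrity": "Medium"}
{"pid": 5988, "ppid": 5612, "image": "C:\\Users\\user\\Desktop\\rpDOUhuBC5.exe", "integrity": "High"}
{"pid": 6100, "ppid": 4120, "image": "C:\\Program Files\\Browser\\browser.exe", "integrity": "Medium"}
{"pid": 6144, "ppid": 6100, "image": "C:\\Program Files\\Browser\\browser.exe", "integrity": "Low"}
"""

INTEGRITY_RANK = {"Untrusted": 0, "Low": 1, "Medium": 2, "High": 3, "System": 4}


def parse_events(text: str):
    """One JSON object per line, as an EDR or SIEM export would deliver it."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def self_elevations(events):
    """Return (parent_pid, child_pid, image) for every child that runs the same image as
    its parent at a strictly higher integrity level. Needs the parent's own creation
    event in the window, because the child's record carries no parent integrity level."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        # NTFS paths are case-insensitive, so compare them that way
        if child["image"].casefold() != parent["image"].casefold():
            continue
        if INTEGRITY_RANK[child["integrity"]] > INTEGRITY_RANK[parent["integrity"]]:
            hits.append((parent["pid"], child["pid"], child["image"]))
    return hits


if __name__ == "__main__":
    for ppid, pid, image in self_elevations(parse_events(SAMPLE_EVENTS)):
        print(f"self-elevation: {image} pid {ppid} -> pid {pid}")
```

The check only fires on a completed elevation: a prompt the user declines, or a sandbox with UAC switched off, leaves no elevated child to match. Installers and updaters that legitimately relaunch themselves elevated produce the same parent/child pair, so treat a hit as a pivot for examining what the elevated instance does next rather than as a verdict on its own.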
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00B5D501
• Process32FirstW.KERNEL32(00000000,?), ref: 00B5D50F
• Process32NextW.KERNEL32(00000000,?), ref: 00B5D52F
• CloseHandle.KERNEL32(00000000), ref: 00B5D5DC
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
• String ID:
• API String ID: 420147892-0
• Opcode ID: 85774f2f84f7b56c32979b41ebd80b574670653fbea31a8ef18f5f6a009c123f
• Instruction ID: e0ca960f0e3061d7186a43f324bc17fa323ee42815526cef6dc5266be59a4cc7
• Opcode Fuzzy Hash: 85774f2f84f7b56c32979b41ebd80b574670653fbea31a8ef18f5f6a009c123f
• Instruction Fuzzy Hash: 1031A1710083049FD310EF54D885BBFBBE8EF99344F50066DF685971A1EB719A49CBA2
APIs
• lstrlenW.KERNEL32(?,00B35222), ref: 00B5DBCE
• GetFileAttributesW.KERNEL32(?), ref: 00B5DBDD
• FindFirstFileW.KERNEL32(?,?), ref: 00B5DBEE
• FindClose.KERNEL32(00000000), ref: 00B5DBFA
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d18a1879f89bd0c378741f6dcd884ec273b34edab5c41d2f11ca45f6ff058195
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3295a0d909d353dcb5a86920371b51b4fea1afd960912d96f4a5769d6c9f06e4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d18a1879f89bd0c378741f6dcd884ec273b34edab5c41d2f11ca45f6ff058195
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3F0A0708109109782316F78AC4D9AE3BACDE01336B104B82F836C20F0EFB05958C6A5
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
• Opcode ID: a607afe51560b79938432e77b86fcaca0c91145ea5ac21ee91e11f2c9367bcc6
• Instruction ID: 0746a2c24bd4bb55ed70aa91123bcde94592fb32aae3c7173cd70a0d8f9aeb58
• Opcode Fuzzy Hash: a607afe51560b79938432e77b86fcaca0c91145ea5ac21ee91e11f2c9367bcc6
• Instruction Fuzzy Hash: B1D012B1808119EACB9097D0CCC99B9B7FCFB08301F5084D2F80692080E674C609BB61
APIs
• GetCurrentProcess.KERNEL32(00B228E9,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002,00000000,?,00B228E9), ref: 00B14D09
• TerminateProcess.KERNEL32(00000000,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002,00000000,?,00B228E9), ref: 00B14D10
• ExitProcess.KERNEL32 ref: 00B14D22
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
• Opcode ID: 27dc829fe0374a9a8a09e1ec24b6aec345bd759c30e66fd1cdce913f40028475
• Instruction ID: 88f24935c6819b04d557d3c91a04823526bc0d4049aad49695106498cbee414b
• Opcode Fuzzy Hash: 27dc829fe0374a9a8a09e1ec24b6aec345bd759c30e66fd1cdce913f40028475
• Instruction Fuzzy Hash: A8E0B671000148ABCF11AF54ED09A983FA9FB42B81B504064FC099B132CB35DD82DB94
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00B4D28C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
• Opcode ID: 50f7d8f3ac7eaef8095ad47683339668460ea338c9c42b48034064f22354d955
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7343e3de76fd3d76a1666c9a9db9c1e954ce1cf17f3f7836e67322258dfe609b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 50f7d8f3ac7eaef8095ad47683339668460ea338c9c42b48034064f22354d955
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 61D0C9B480111DEBCB90CB90DCC8DD9B7BCBB04345F100191F106A2140DB7096489F20

Control-flow Graph (rendered graph not recoverable from the export): function covering basic blocks 00B7AFF9 to 00B7B4F6; the blocks call GetSystemDirectoryW, GetCurrentDirectoryW, CreateProcessW, GetLastError and CloseHandle, with subcalls into internal routines (including 00B12340, 00AFB567, 00AF7510, 00AF7620, 00B0FE0B, 00B14963, 00B600D9, 00B607C0, 00B606E6, 00B605A7, 00B511C8, 00B0FE14, 00AF630C, 00AFCFA0, 00B60175, 00B609D9 and 00B7B536).

APIs
• _wcslen.LIBCMT ref: 00B7B198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B1D4
• _wcslen.LIBCMT ref: 00B7B200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B236
• _wcslen.LIBCMT ref: 00B7B332
  • Part of subcall function 00B605A7: GetStdHandle.KERNEL32(000000F6), ref: 00B605C6
• _wcslen.LIBCMT ref: 00B7B34B
• _wcslen.LIBCMT ref: 00B7B366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B7B3B6
• GetLastError.KERNEL32(00000000), ref: 00B7B407
• CloseHandle.KERNEL32(?), ref: 00B7B439
• CloseHandle.KERNEL32(00000000), ref: 00B7B44A
• CloseHandle.KERNEL32(00000000), ref: 00B7B45C
• CloseHandle.KERNEL32(00000000), ref: 00B7B46E
• CloseHandle.KERNEL32(?), ref: 00B7B4E3
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: a4555c26d16cafc00aea04e0c5e3477bd98712edfc72b54f7ea9a2cadccd3f8b
• Instruction ID: 02baea4059e123e3de25cf5114615c0cd609b9d1c37b58d440b23b18bcd55ae7
• Opcode Fuzzy Hash: a4555c26d16cafc00aea04e0c5e3477bd98712edfc72b54f7ea9a2cadccd3f8b
• Instruction Fuzzy Hash: EEF17A316082409FC724EF24C891B6EBBE5EF85314F14859DF9A99B2A2CB31EC44CF52
APIs
• GetInputState.USER32 ref: 00AFD807
• timeGetTime.WINMM ref: 00AFDA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AFDB28
• TranslateMessage.USER32(?), ref: 00AFDB7B
• DispatchMessageW.USER32(?), ref: 00AFDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AFDB9F
• Sleep.KERNEL32(0000000A), ref: 00AFDBB1
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 036180f7c3915d9f8b17f689c9c5ccc4049e85b91e2d06e7acd1cd1bfd5807ea
• Instruction ID: 63e287ec898c0ccadccc079e849850cdb82b5f93dc8cb58410a613231af9ca91
• Opcode Fuzzy Hash: 036180f7c3915d9f8b17f689c9c5ccc4049e85b91e2d06e7acd1cd1bfd5807ea
• Instruction Fuzzy Hash: 0B421230604346DFD72ACF64C884B7ABBE2FF45304F544999F695872A1CB70E944EB92

                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00AF2D07
                                                                                                                                                                                                                                                                                                                                                                                • RegisterClassExW.USER32(00000030), ref: 00AF2D31
                                                                                                                                                                                                                                                                                                                                                                                • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AF2D42
                                                                                                                                                                                                                                                                                                                                                                                • InitCommonControlsEx.COMCTL32(?), ref: 00AF2D5F
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AF2D6F
                                                                                                                                                                                                                                                                                                                                                                                • LoadIconW.USER32(000000A9), ref: 00AF2D85
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AF2D94
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: de126457e343b583e0d93afb53de1574f9d16b06cf836e7f99a67a9993b61227
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9f9c9d8d0f034eda210f80bae4442c4957e72b77abad48b53a190a96fe26166f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: de126457e343b583e0d93afb53de1574f9d16b06cf836e7f99a67a9993b61227
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C21B2B5901218AFDB00DFA8EC49A9DBFB8FB09704F10851AE511B72A1DBB14544CFA5

Control-flow Graph (graph image not reproduced; legend: Executed / Not Executed)

APIs
  • Part of subcall function 00B3039A: CreateFileW.KERNEL32(00000000,00000000,?,00B30704,?,?,00000000,?,00B30704,00000000,0000000C), ref: 00B303B7
• GetLastError.KERNEL32 ref: 00B3076F
• __dosmaperr.LIBCMT ref: 00B30776
• GetFileType.KERNEL32(00000000), ref: 00B30782
• GetLastError.KERNEL32 ref: 00B3078C
• __dosmaperr.LIBCMT ref: 00B30795
• CloseHandle.KERNEL32(00000000), ref: 00B307B5
• CloseHandle.KERNEL32(?), ref: 00B308FF
• GetLastError.KERNEL32 ref: 00B30931
• __dosmaperr.LIBCMT ref: 00B30938
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: 405381f633c19402c286c188c0b8de4a0fa7a325c81b2b342346ca2d95123c57
• Instruction ID: a52854ae45fc2fb27bb83c3deb93b22cafd268e8645982781f0b8934108f81e5
• Opcode Fuzzy Hash: 405381f633c19402c286c188c0b8de4a0fa7a325c81b2b342346ca2d95123c57
• Instruction Fuzzy Hash: 22A1F832A241198FDF19BF68D861BAD7BE0EF4A320F24019DF8159B291DB319D52CB91

Control-flow Graph

APIs
  • Part of subcall function 00AF3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00BC1418,?,00AF2E7F,?,?,?,00000000), ref: 00AF3A78
  • Part of subcall function 00AF3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AF3379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00AF356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00B3318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00B331CE
• RegCloseKey.ADVAPI32(?), ref: 00B33210
• _wcslen.LIBCMT ref: 00B33277
• _wcslen.LIBCMT ref: 00B33286
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cceaf2c34542af33a39ef266a7673bac70fe4eb4ce1e81a757bbbaf6c2347d92
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 770b4ff5595a04a50fbff19bd4cf3c4de2823b5ec03068297eee79b16b59ce0f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cceaf2c34542af33a39ef266a7673bac70fe4eb4ce1e81a757bbbaf6c2347d92
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F9718B725043459EC314EFA5DC82DABBBE8FF88740F50096EF585831A0EF749A48CB66

Control-flow Graph
(rendered control-flow graph omitted; not recoverable from the text)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00AF2B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00AF2B9D
• LoadIconW.USER32(00000063), ref: 00AF2BB3
• LoadIconW.USER32(000000A4), ref: 00AF2BC5
• LoadIconW.USER32(000000A2), ref: 00AF2BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AF2BEF
• RegisterClassExW.USER32(?), ref: 00AF2C40
  • Part of subcall function 00AF2CD4: GetSysColorBrush.USER32(0000000F), ref: 00AF2D07
  • Part of subcall function 00AF2CD4: RegisterClassExW.USER32(00000030), ref: 00AF2D31
  • Part of subcall function 00AF2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AF2D42
  • Part of subcall function 00AF2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00AF2D5F
  • Part of subcall function 00AF2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AF2D6F
  • Part of subcall function 00AF2CD4: LoadIconW.USER32(000000A9), ref: 00AF2D85
  • Part of subcall function 00AF2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AF2D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: b94d591046be59c19cabc9e763e025098234ef80094473a0a72745898f4cde77
• Instruction ID: eb7b1828f69cc8ac784a15a728a53b93a07aa46f93f7c17b8a02f9e58cf61a57
• Opcode Fuzzy Hash: b94d591046be59c19cabc9e763e025098234ef80094473a0a72745898f4cde77
• Instruction Fuzzy Hash: 692128B5A00358ABDB10DFA9EC45EA97FB4FB8DB54F00041AE600B76A1DBB54950CF98
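Each per-function "APIs" list in this report uses one fixed line shape: a bullet, an optional "Part of subcall function ADDR:" prefix, the API name and the module it resolved to, an optional argument list, and the call-site address after "ref:". The following Python is an added example for this page, not Joe Sandbox code and not part of the report: it parses such lines into records so an analyst can pull out the resolved string arguments (here the registry value name "Include" and the "TaskbarCreated" message name) and decode hex arguments such as the 000002EE SetTimer interval. The SAMPLE text is constructed from lines shown above, and the record type and function names are this example's own.

```python
"""Parse Joe Sandbox per-function "APIs" lines into structured records.

Added example for this report page; not part of Joe Sandbox or the report.
It assumes the line shape shown in the report's APIs lists:
  • Name.MODULE(arg,arg,...), ref: ADDR
  • Name.MODULE ref: ADDR
    • Part of subcall function ADDR: Name.MODULE(...), ref: ADDR
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input, copied in the shape of the report's lines.
SAMPLE = """\
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00B3318D
• RegCloseKey.ADVAPI32(?), ref: 00B33210
• _wcslen.LIBCMT ref: 00B33277
• RegisterClassExW.USER32(?), ref: 00AF2C40
  • Part of subcall function 00AF2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AF2D42
• CreatePopupMenu.USER32 ref: 00AF3246
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AF3227
"""

LINE_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<caller>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
HEX_WORD = re.compile(r"[0-9A-Fa-f]{8}")  # the report prints DWORD args as 8 hex digits


@dataclass(frozen=True)
class ApiCall:
    name: str              # API name as recorded, e.g. RegQueryValueExW
    module: str            # module the import resolved to, e.g. ADVAPI32
    args: tuple            # raw argument tokens; "?" means the sandbox could not resolve it
    ref: int               # address of the call site in the dumped image
    caller: Optional[int]  # subcall function address when the line is nested, else None


def parse_api_lines(text: str) -> list:
    """Return one ApiCall per bullet line; lines that do not match are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(
            name=m.group("name"),
            module=m.group("module"),
            args=args,
            ref=int(m.group("ref"), 16),
            caller=int(m.group("caller"), 16) if m.group("caller") else None,
        ))
    return calls


def arg_int(call: ApiCall, index: int) -> Optional[int]:
    """Decode an 8-hex-digit argument (e.g. a timer interval) to an int, else None."""
    try:
        tok = call.args[index]
    except IndexError:
        return None
    return int(tok, 16) if HEX_WORD.fullmatch(tok) else None


def string_args(calls) -> set:
    """Literal string arguments the sandbox resolved (registry value names, message names)."""
    return {a for c in calls for a in c.args if a != "?" and not HEX_WORD.fullmatch(a)}


def calls_by_module(calls) -> dict:
    """Group call names by module, a quick import profile of one function."""
    out = {}
    for c in calls:
        out.setdefault(c.module, []).append(c.name)
    return out


if __name__ == "__main__":
    parsed = parse_api_lines(SAMPLE)
    for c in parsed:
        nested = f" (via subcall {c.caller:08X})" if c.caller is not None else ""
        print(f"{c.ref:08X} {c.module}!{c.name}{c.args}{nested}")
    print("resolved strings:", sorted(string_args(parsed)))
    print("SetTimer interval ms:", arg_int(parsed[6], 2))
```

Unresolved arguments stay as the literal "?" rather than being guessed, so a downstream rule can distinguish a value the sandbox saw from one it did not; the nested "Part of subcall function" lines keep their caller address so the flattened list can still be attributed to the right function.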

Control-flow Graph
(rendered control-flow graph omitted; its basic blocks span af3170 through b32e96 and the API-labelled nodes are DefWindowProcW, PostQuitMessage, SetTimer, RegisterWindowMessageW, CreatePopupMenu, KillTimer, MoveWindow and SetFocus; the executed/not-executed colouring is not recoverable from the text)
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00AF316A,?,?), ref: 00AF31D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,00AF316A,?,?), ref: 00AF3204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AF3227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00AF316A,?,?), ref: 00AF3232
• CreatePopupMenu.USER32 ref: 00AF3246
• PostQuitMessage.USER32(00000000), ref: 00AF3267
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 129472671-2362178303
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2b915056d40e736f0fd430280e55135be0404aa06ede8f6ff02643afe1b803c3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fa02c57b1964801746d53e2662ff1c07d4c4fb1f46133ac369abed83b4e1a43d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2b915056d40e736f0fd430280e55135be0404aa06ede8f6ff02643afe1b803c3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 60412937240208A6DF142FFC9D09FB93AA5E75A344F140569FB16972A2CF71CE41C7A5

Control-flow Graph (rendered graph omitted; basic blocks af1410-af16c5 and b324b8-b32677, with calls to mciSendStringW, DestroyWindow, UnregisterHotKey, FindClose, FreeLibrary, VirtualFree and CoUninitialize)
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00AF1459
• CoUninitialize.COMBASE ref: 00AF14F8
• UnregisterHotKey.USER32(?), ref: 00AF16DD
• DestroyWindow.USER32(?), ref: 00B324B9
• FreeLibrary.KERNEL32(?), ref: 00B3251E
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00B3254B
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: a7d0f2115c9b7bb4858fb13ad7df8e82d952351c8e4eb3b3d1b7a28d70f5fd62
• Instruction ID: 737a2c24a92cc7cc6667c62bcc7a3ac4c0ff11c04621f3ec73c1d50ccfacb355
• Opcode Fuzzy Hash: a7d0f2115c9b7bb4858fb13ad7df8e82d952351c8e4eb3b3d1b7a28d70f5fd62
• Instruction Fuzzy Hash: 9CD14871701212CFCB29EF55C999A29F7A0BF05740F2542EDE64AAB261DB30AD12CF91

Control-flow Graph (rendered graph omitted; basic blocks b5de27-b5def6, with calls to WSAStartup, gethostname, gethostbyname, inet_ntoa and WSACleanup)
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 642191829-3771769585
• Opcode ID: f93999bb03f2a540b19c9d516c3e81a31be9d1d8ae39c7d4f3749271e646f085
• Instruction ID: 1cfd924d2e1487877e7de3557ccffc70888fdc4125f3b30a7afb436297bbfc1c
• Opcode Fuzzy Hash: f93999bb03f2a540b19c9d516c3e81a31be9d1d8ae39c7d4f3749271e646f085
• Instruction Fuzzy Hash: 5511B771904119AFDB34AB609C4AFEE7BECDB15712F1002E9F945A70A1EF718E85CB60

Control-flow Graph (rendered graph omitted; single basic block af2c63-af2cd3, with calls to CreateWindowExW x2 and ShowWindow x2)
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AF2C91
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AF2CB2
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00AF1CAD,?), ref: 00AF2CC6
• ShowWindow.USER32(00000000,?,?,?,?,?,?,00AF1CAD,?), ref: 00AF2CCF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$CreateShow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt v3$edit
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1584632944-3779509399
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c461fd3c48b5f864ab818fd9714e07fbf1a44c2feb2c4ae721d4a4c0e3063449
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2ddcedbfb9c639e913a22e9e769842f4892801cb07ac4eb5a432bafd16fac350
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c461fd3c48b5f864ab818fd9714e07fbf1a44c2feb2c4ae721d4a4c0e3063449
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FF0D4B56402D07AEB311B2BAC08E772EBDD7CBF64B01049AF904A35B1CA751850DAB8

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 981 af3b1c-af3b27 982 af3b99-af3b9b 981->982 983 af3b29-af3b2e 981->983 984 af3b8c-af3b8f 982->984 983->982 985 af3b30-af3b48 RegOpenKeyExW 983->985 985->982 986 af3b4a-af3b69 RegQueryValueExW 985->986 987 af3b6b-af3b76 986->987 988 af3b80-af3b8b RegCloseKey 986->988 989 af3b78-af3b7a 987->989 990 af3b90-af3b97 987->990 988->984 991 af3b7e 989->991 990->991 991->988
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00AF3B0F,SwapMouseButtons,00000004,?), ref: 00AF3B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00AF3B0F,SwapMouseButtons,00000004,?), ref: 00AF3B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00AF3B0F,SwapMouseButtons,00000004,?), ref: 00AF3B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: 5f79c5da29d13c25e92956a27f5b4214874c7955b33806e638e942bb93e50308
• Instruction ID: 6e90b99bade49693dc89a345d729ef360be93ef1ec718958555d793c95693f2b
• Opcode Fuzzy Hash: 5f79c5da29d13c25e92956a27f5b4214874c7955b33806e638e942bb93e50308
• Instruction Fuzzy Hash: 58112AB6511209FFDF218FA5DC54ABEBBB8EF04784B10445AB906D7120D6719E409760

                                                                                                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                                                                                                control_flow_graph 992 b4d3a0-b4d3a9 993 b4d376-b4d37b 992->993 994 b4d3ab-b4d3b7 992->994 995 b4d292-b4d2a8 993->995 996 b4d3c9 994->996 997 b4d3b9-b4d3c7 GetProcAddress 994->997 1000 b4d2a9 995->1000 999 b4d3ce-b4d3de 996->999 997->996 997->999 999->995 1002 b4d3e4-b4d3eb FreeLibrary 999->1002 1000->1000 1002->995
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00B4D3BF
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32 ref: 00B4D3E5
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3013587201-2590602151
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 146aece8a2313ab6973dd20ee0b92a7480b8cbde22ddee9c4a180698e51e48f9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2ebb4a1e86a8e330f0b006d35b2f5f8b15502eae657cc3f101fe62593eecde34
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 146aece8a2313ab6973dd20ee0b92a7480b8cbde22ddee9c4a180698e51e48f9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5FF027725016019BC3302A108C88A693BE4AF11B01B9081C9F006F20A4DBB0CA40A75A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                • Variable must be of type 'Object'., xrefs: 00B432B7
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
APIs
• __Init_thread_footer.LIBCMT ref: 00AFFE66
Similarity
• API ID: Init_thread_footer
• String ID:
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00B333A2
  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AF3A04
Strings
Similarity
• API ID: IconLoadNotifyShell_String_wcslen
• String ID: Line:
APIs
• __CxxThrowException@8.LIBVCRUNTIME ref: 00B10668
  • Part of subcall function 00B132A4: RaiseException.KERNEL32(?,?,?,00B1068A,?,00BC1444,?,?,?,?,?,?,00B1068A,00AF1129,00BB8738,00AF1129), ref: 00B13304
• __CxxThrowException@8.LIBVCRUNTIME ref: 00B10685
Strings
Similarity
• API ID: Exception@8Throw$ExceptionRaise
• String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b24ca07424dc9f2956c4be0c18439946faa255386c7aebb90286df501dbb4036
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8736afd89de85dd36f93123c5b76f2f62057e2c98143d1a1290249cbaf27c1f7
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b24ca07424dc9f2956c4be0c18439946faa255386c7aebb90286df501dbb4036
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05F0683490020DB7CB14B664D886CED7BED9E40750BE045F1B914959E5EFB1DAD5C6C0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AF1BF4
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00AF1BFC
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AF1C07
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AF1C12
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00AF1C1A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00AF1C22
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF1B4A: RegisterWindowMessageW.USER32(00000004,?,00AF12C4), ref: 00AF1BA2
                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00AF136A
                                                                                                                                                                                                                                                                                                                                                                                • OleInitialize.OLE32 ref: 00AF1388
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000), ref: 00B324AB
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1986988660-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1960a539db0dd2dc442f39005e6838ad670f4ba438134bed5ba41bcd3c63a743
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0f01af25e1470cd4b38db2a16128f101e1fbffc7aa4c670c8104aaa21a1f355d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1960a539db0dd2dc442f39005e6838ad670f4ba438134bed5ba41bcd3c63a743
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2271AEB59152048EC384EF7DA945E653AE4BBAE3407548AAEE51AF7373EF308401CF54
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF3923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AF3A04
                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00B5C259
                                                                                                                                                                                                                                                                                                                                                                                • KillTimer.USER32(?,00000001,?,?), ref: 00B5C261
                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00B5C270
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_Timer$Kill
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3500052701-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 151ccfb6e438cae4915a2a1ea1984dd50df5b8fc3f33628f65f52d325cdb69fa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 10284de798e504e59dbc1b6d51cfaecd0ec750bf02d1f39c0b5b3afbad37c1a8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 151ccfb6e438cae4915a2a1ea1984dd50df5b8fc3f33628f65f52d325cdb69fa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF31D770904344AFEB328F648895BE7BFEDAF06309F0004DEDADAA7241C7755A88CB51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00000000,?,?,00B285CC,?,00BB8CC8,0000000C), ref: 00B28704
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00B285CC,?,00BB8CC8,0000000C), ref: 00B2870E
                                                                                                                                                                                                                                                                                                                                                                                • __dosmaperr.LIBCMT ref: 00B28739
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: fe0e93617d448b2bb065138627df96ea771103d5d8943ce4e3b64d9e1753bb43
• Instruction ID: 16e10d933db602032e2d7775e25be6aa5c981ef356ea2a5a92789d3ee799c522
• Opcode Fuzzy Hash: fe0e93617d448b2bb065138627df96ea771103d5d8943ce4e3b64d9e1753bb43
• Instruction Fuzzy Hash: AE012B3260663026D636A234B849B7E6BD98B91775F3902D9F81D8B1E3DEB08C81C294
APIs
• TranslateMessage.USER32(?), ref: 00AFDB7B
• DispatchMessageW.USER32(?), ref: 00AFDB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AFDB9F
• Sleep.KERNEL32(0000000A), ref: 00AFDBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 00B41CC9
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchPeekSleep
• String ID:
• API String ID: 3288985973-0
• Opcode ID: a9f2fa0538fe5c1dd275bc0b036280ae26f65866fd3c6edc7ef1498e1ab40c35
• Instruction ID: 5e9f6e6a72c31dc7912fd8c3a3d791732bb9a4bacf0314bad0658fe6a30b050a
• Opcode Fuzzy Hash: a9f2fa0538fe5c1dd275bc0b036280ae26f65866fd3c6edc7ef1498e1ab40c35
• Instruction Fuzzy Hash: 30F05E706043449BEB30CBA48C89FEA77E9EB45350F104A58F61A970D0DB30D888DB25
APIs
• __Init_thread_footer.LIBCMT ref: 00B017F6
Strings
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: fb1e16bc05d4c20931316e10309c6e9292363c34e3db70a008cf170651b6d23d
• Instruction ID: 72270476490b9335c5f1e23574bdfa34e347d5c046a8acb3f7c19098a941d423
• Opcode Fuzzy Hash: fb1e16bc05d4c20931316e10309c6e9292363c34e3db70a008cf170651b6d23d
• Instruction Fuzzy Hash: AE227A706083419FC718DF18C890A2ABBF1FF99314F1489ADF5968B3A1D772E945CB92
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: afc5ce93c9750606ef357eb931b5f28c2df0269f0da207b4224cd2df5dbbf17b
• Instruction ID: 628135e77f0d7a74de735384422ec560d07e86e65f007488f71b61fec8a03a9d
• Opcode Fuzzy Hash: afc5ce93c9750606ef357eb931b5f28c2df0269f0da207b4224cd2df5dbbf17b
• Instruction Fuzzy Hash: 09328270A00A05DFCB24EF54C885BAEBBF1EF15310F1485A9E9159B2E2D731EE44DB91
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 00B32C8C
  • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
  • Part of subcall function 00AF2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00AF2DC4
Strings
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Name$Path$FileFullLongOpen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 779396738-3081909835
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9faafa51c7d1e751f278d3a8a52b64c2b9f713126c2d7878893310c2de4fb4a7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fec65e7b309784bbf729c993a8bed41674542d937d864ad259ff5195d1b06f9b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9faafa51c7d1e751f278d3a8a52b64c2b9f713126c2d7878893310c2de4fb4a7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3215171A1029C9FDF01EF98C845BEE7BF8AF49314F104059F505A7241DBB85A898B61
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetComputerNameW.KERNEL32(?,?), ref: 00B4D375
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                                                • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1cc7d6bb52b79968cd34046afc378a4ec9d502aed9042e997149489eab52e559
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: aede05f0afd04ae045ff4703bfbea6860fab40552f224487e051dd67b7185926
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1cc7d6bb52b79968cd34046afc378a4ec9d502aed9042e997149489eab52e559
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36D0C9B580521CEBCB90CB80DCC8DD9B7FCBB04301F5041D1F006A2140DB709648AB20
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AF3908
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8e932a631fd58a394de7db38e3472e529c129d22708cdc3f41693f5c36d86248
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 87ee4876ea6be97f2863cf9c595007ca4cf008f5cfd27f5f788743d06e4fcaeb
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e932a631fd58a394de7db38e3472e529c129d22708cdc3f41693f5c36d86248
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4231F7715043049FD720DF64D884BA7BBF4FF89748F00086EFA9993251D775AA44CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • timeGetTime.WINMM ref: 00B0F661
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AFD730: GetInputState.USER32 ref: 00AFD807
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00B4F2DE
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 17a554e8a77a06e0f941d66e5dbee0c1f19c981b16ddda86a45ae5852b3c1445
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f85139422f9f8e91b2eba5a28d58831a124bb7c4854229a04f91454a1d94857d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 17a554e8a77a06e0f941d66e5dbee0c1f19c981b16ddda86a45ae5852b3c1445
• Instruction Fuzzy Hash: E5F08C712402099FD310EFA9D559B6ABBE9EF45760F000069F95AC72A1DF70A800CBA0
APIs
• __Init_thread_footer.LIBCMT ref: 00AFBB4E
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Init_thread_footer
• String ID:
• API String ID: 1385522511-0
• Opcode ID: 33c22d2d6a36ca7f6e3e95b820efcf1918313bc4c7edb126a9e94c08013d13db
• Instruction ID: ecb01ea1844b64689d6bcf7e86c1b3be249229981d962bfe869d5a7237499f7d
• Opcode Fuzzy Hash: 33c22d2d6a36ca7f6e3e95b820efcf1918313bc4c7edb126a9e94c08013d13db
• Instruction Fuzzy Hash: 3932AE75A10209DFDB20DF94C894EBAB7F5EF48340F148099FA15AB291C7B4EE41DBA1
APIs
  • Part of subcall function 00AF4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E9C
  • Part of subcall function 00AF4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AF4EAE
  • Part of subcall function 00AF4E90: FreeLibrary.KERNEL32(00000000,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4EFD
  • Part of subcall function 00AF4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E62
  • Part of subcall function 00AF4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AF4E74
  • Part of subcall function 00AF4E59: FreeLibrary.KERNEL32(00000000,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E87
Similarity
• API ID: Library$Load$AddressFreeProc
• String ID:
• API String ID: 2632591731-0
• Opcode ID: 004fef9b496ae64598715c1747cd367b9b65b844d6e856394832f39970512c48
• Instruction ID: 606420d268e394ca2b2d5d173d931b92017b2cf7e1e76f0bc2136defc301a8f9
• Opcode Fuzzy Hash: 004fef9b496ae64598715c1747cd367b9b65b844d6e856394832f39970512c48
• Instruction Fuzzy Hash: 2811C431610209AADB14BBA4DD02BBE77E5AF44B10F204429F646A71D1DE709A459750
APIs
Similarity
• API ID: __wsopen_s
• String ID:
• API String ID: 3347428461-0
• Opcode ID: bc71b465fd13ec8171353b13784116abbddbfaf3af7663d5570a482dfcffc9ac
• Instruction ID: f29dcf9d1fdb709fb1b5bc7f1a2bba27132e509e48b59e2681d5daeb602af795
• Opcode Fuzzy Hash: bc71b465fd13ec8171353b13784116abbddbfaf3af7663d5570a482dfcffc9ac
• Instruction Fuzzy Hash: 2611187590410AAFCB05DF58E94199A7BF5EF48314F144099F818AB312DA31EA21CBA5
APIs
  • Part of subcall function 00B24C7D: RtlAllocateHeap.NTDLL(00000008,00AF1129,00000000,?,00B22E29,00000001,00000364,?,?,?,00B1F2DE,00B23863,00BC1444,?,00B0FDF5,?), ref: 00B24CBE
• _free.LIBCMT ref: 00B2506C
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap_free
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 614378929-0
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• RtlAllocateHeap.NTDLL(00000008,00AF1129,00000000,?,00B22E29,00000001,00000364,?,?,?,00B1F2DE,00B23863,00BC1444,?,00B0FDF5,?), ref: 00B24CBE
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
APIs
• FreeLibrary.KERNEL32(?,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4F6D
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e384ab0ecc5026966666063c9074dd8bd012451de2319624caef069e397fb6fe
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 199c06c29386f9246bfc9d67e85a9ba3e41f2d941dff6118b143828204699894
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e384ab0ecc5026966666063c9074dd8bd012451de2319624caef069e397fb6fe
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D1F01571505756CFDB349FA4D494823BBF4AF18729320896EF2EE83621CB319888DB10
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • IsWindow.USER32(00000000), ref: 00B82A66
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c6babebdd556a3901f597f700969f35552649c4c18a6aefb21aeeaf8a2da1a92
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b67320cdad110a313253fc2fdf07e7dfb19e2f32e70c54bb19c994782030d709
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c6babebdd556a3901f597f700969f35552649c4c18a6aefb21aeeaf8a2da1a92
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 23E04F76350116AAC718FB30DC809FA77DCEF5039571045B6AC26D2220EB34D995C7A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00AF314E
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0cc745ebd8844e20e4642b8b4cf80fc4dccf4a96d0d012e6378ef9538a9d2bc6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6bb0040d621a26eaeedc07220b7926b176084ee447f38142264c8c0707dd3996
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0cc745ebd8844e20e4642b8b4cf80fc4dccf4a96d0d012e6378ef9538a9d2bc6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 75F0A770900348AFEB529B24DC45BD57BFCB74570CF0000E5A648A7292DB704798CF55
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00AF2DC4
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6a46b88caef1011d6c4f9886f8e875fa0302d48cb1d91ab0960d5b36d9ecb706
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: db7ef3b6c7e69eca2ad15dfa77d6ef10a874a03351d84dec4effa2309698de65
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a46b88caef1011d6c4f9886f8e875fa0302d48cb1d91ab0960d5b36d9ecb706
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DEE0CD726001245BC71096989C05FEA77DDDFC8790F0400B1FD09D7258D970AD80C650
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AF3908
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AFD730: GetInputState.USER32 ref: 00AFD807
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF2B6B
  • Part of subcall function 00AF30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00AF314E
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: 3a7a8605a8eddab929b79a399b4b0c54e423cf45ffa86e40d968056d9692141a
• Instruction ID: 881611ff34ec383f8d8a58477312ac8ee940100e06a8d4e8aeee44288544ed0a
• Opcode Fuzzy Hash: 3a7a8605a8eddab929b79a399b4b0c54e423cf45ffa86e40d968056d9692141a
• Instruction Fuzzy Hash: 8DE0863370424C06CB08BBF59952A7DA759DBD6352F40197EF74257263CF2485458752
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 00B5DF40
  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FolderPath_wcslen
• String ID:
• API String ID: 2987691875-0
• Opcode ID: dec8a9d764f114807d924f3007dbecd56eed5c409b2b0816903691cd0b1b6a14
• Instruction ID: d548c4b54a5388072d33a5c218d109a0ef05fe304538ec71b404ba6761ab2264
• Opcode Fuzzy Hash: dec8a9d764f114807d924f3007dbecd56eed5c409b2b0816903691cd0b1b6a14
• Instruction Fuzzy Hash: EDD05EE2A002282BDF60A6749D0DDF73AACCB40210F0006A0786DD3152E930DD8486B0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,00B30704,?,?,00000000,?,00B30704,00000000,0000000C), ref: 00B303B7
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: f120cd12bf3ca830ace66f0f95fdf935a48143d0fea53fc00beb052c2268ca2b
• Instruction ID: f408591e16abd2ade773463e69b659b402e39421d222b2c52bb5a10fd41660a8
• Opcode Fuzzy Hash: f120cd12bf3ca830ace66f0f95fdf935a48143d0fea53fc00beb052c2268ca2b
• Instruction Fuzzy Hash: 10D06C3204010DBBDF029F84DD46EDA3FAAFB48714F014000BE1866020C732E821EB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00AF1CBC
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: f210bbc51a465dc0e77409ded40f8425592461b17f96efb4a57256b1c3c1c02e
• Instruction ID: 18e9aed0fb7e117c0f9c567befc47cc40fb243bf762f81fd2b33f8673005be3e
• Opcode Fuzzy Hash: f210bbc51a465dc0e77409ded40f8425592461b17f96efb4a57256b1c3c1c02e
• Instruction Fuzzy Hash: 82C09B35280304AFF6145784BC4BF517754A39CB04F044401F609675F3CBF11410D754
APIs
  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B8961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B8965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00B8969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B896C9
• SendMessageW.USER32 ref: 00B896F2
• GetKeyState.USER32(00000011), ref: 00B8978B
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000009), ref: 00B89798
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B897AE
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyState.USER32(00000010), ref: 00B897B8
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B897E9
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00B89810
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001030,?,00B87E95), ref: 00B89918
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B8992E
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B89941
                                                                                                                                                                                                                                                                                                                                                                                • SetCapture.USER32(?), ref: 00B8994A
                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00B899AF
                                                                                                                                                                                                                                                                                                                                                                                • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B899BC
                                                                                                                                                                                                                                                                                                                                                                                • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B899D6
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseCapture.USER32 ref: 00B899E1
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00B89A19
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00B89A26
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B89A80
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00B89AAE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B89AEB
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00B89B1A
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B89B3B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B89B4A
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00B89B68
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00B89B75
                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00B89B93
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B89BFA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00B89C2B
                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00B89C84
                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B89CB4
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B89CDE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32 ref: 00B89D01
                                                                                                                                                                                                                                                                                                                                                                                • ClientToScreen.USER32(?,?), ref: 00B89D4E
                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B89D82
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09944: GetWindowLongW.USER32(?,000000EB), ref: 00B09952
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00B89E05
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8d2fa0b3cbd26f28debc918e4d79c919312b318139a612d37c39ef71a97ff7bd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 90cf1ef38243b1550af55b6deed466d3bd7cd0f00d457044ecb2c0801c57795e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8d2fa0b3cbd26f28debc918e4d79c919312b318139a612d37c39ef71a97ff7bd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8428E74204201AFDB25EF28CC84EBABBE5FF49310F180A99F659972B1EB71D854CB51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00B848F3
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00B84908
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00B84927
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00B8494B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00B8495C
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00B8497B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00B849AE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00B849D4
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00B84A0F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B84A56
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B84A7E
                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00B84A97
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B84AF2
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B84B20
• GetWindowLongW.USER32(?,000000F0), ref: 00B84B94
• SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00B84BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00B84C82
• wsprintfW.USER32 ref: 00B84CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B84CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00B84CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B84D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B84D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00B84D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: 48297a5d3cb4122226879e0b76d8867f751377abd4deb9f8bfb3a60efc3c1cff
• Instruction ID: f983f67e2dcfbdd74d2d8989561497a79c03f34b0fe5e267818be563b8d364c6
• Opcode Fuzzy Hash: 48297a5d3cb4122226879e0b76d8867f751377abd4deb9f8bfb3a60efc3c1cff
• Instruction Fuzzy Hash: 8B12E071600256ABEB24AF28CC49FAE7BF8EF45710F1041A9F51AEB2F1DB749940CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00B0F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B4F474
• IsIconic.USER32(00000000), ref: 00B4F47D
• ShowWindow.USER32(00000000,00000009), ref: 00B4F48A
• SetForegroundWindow.USER32(00000000), ref: 00B4F494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B4F4AA
• GetCurrentThreadId.KERNEL32 ref: 00B4F4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B4F4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00B4F4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 00B4F4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00B4F4DE
• SetForegroundWindow.USER32(00000000), ref: 00B4F4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F4F6
• keybd_event.USER32(00000012,00000000), ref: 00B4F501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F50B
• keybd_event.USER32(00000012,00000000), ref: 00B4F510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F519
• keybd_event.USER32(00000012,00000000), ref: 00B4F51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F528
• keybd_event.USER32(00000012,00000000), ref: 00B4F52D
• SetForegroundWindow.USER32(00000000), ref: 00B4F530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 00B4F557
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: c05f7fb649e9a7d69607a333197fe68b3ea656153a67155cc9b7781ccd451dfa
• Instruction ID: d21763c49a51121fb3a6e91996e85d5dd1d4caf5bb8311b7b7d0e7a8097c0723
• Opcode Fuzzy Hash: c05f7fb649e9a7d69607a333197fe68b3ea656153a67155cc9b7781ccd451dfa
• Instruction Fuzzy Hash: 6131E1B1A40219BAEB216BB55C4AFBF7EACEB44B50F100065F605E71E1DAB15D00EB71
APIs
  • Part of subcall function 00B516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B5170D
  • Part of subcall function 00B516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B5173A
  • Part of subcall function 00B516C3: GetLastError.KERNEL32 ref: 00B5174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00B51286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00B512A8
• CloseHandle.KERNEL32(?), ref: 00B512B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00B512D1
• GetProcessWindowStation.USER32 ref: 00B512EA
• SetProcessWindowStation.USER32(00000000), ref: 00B512F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00B51310
  • Part of subcall function 00B510BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B511FC), ref: 00B510D4
  • Part of subcall function 00B510BF: CloseHandle.KERNEL32(?,?,00B511FC), ref: 00B510E9
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                                                • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 584ceeaa222647fda9fd14253fd5b4c5ef7efe1afa6fc56d9b03a9bdfeeaaae8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1b4f1a3be4028e9de41150e5f25eec2dc5654696d881f8ef4e8b73f65fafdee6
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 584ceeaa222647fda9fd14253fd5b4c5ef7efe1afa6fc56d9b03a9bdfeeaaae8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 528179B1900209ABDF219FA8DC49FEE7BF9EF04705F1445A9F910B62A0DB758949CF21
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B51114
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51120
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B5112F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51136
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B5114D
                                                                                                                                                                                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B50BCC
                                                                                                                                                                                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B50C00
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00B50C17
                                                                                                                                                                                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00B50C51
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B50C6D
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00B50C84
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B50C8C
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00B50C93
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B50CB4
                                                                                                                                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00B50CBB
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B50CEA
                                                                                                                                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B50D0C
                                                                                                                                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B50D1E
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50D45
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50D4C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50D55
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50D5C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50D65
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50D6C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00B50D78
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50D7F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B51193: GetProcessHeap.KERNEL32(00000008,00B50BB1,?,00000000,?,00B50BB1,?), ref: 00B511A1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B51193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B50BB1,?), ref: 00B511A8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B51193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B50BB1,?), ref: 00B511B7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a8b568adcbc96529c4f28941793a1964549123da12a1e98e913ccd68a58e3cae
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9615bfd29482f299939b4d392ebd58c5106116a038f7668007ec7156816d718a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8b568adcbc96529c4f28941793a1964549123da12a1e98e913ccd68a58e3cae
• Instruction Fuzzy Hash: 2D713AB190020AEBDF10AFA4DC48BEEBBB8EF05351F1445A5ED15A71A1DB71A909CB60
APIs
• OpenClipboard.USER32(00B8CC08), ref: 00B6EB29
• IsClipboardFormatAvailable.USER32(0000000D), ref: 00B6EB37
• GetClipboardData.USER32(0000000D), ref: 00B6EB43
• CloseClipboard.USER32 ref: 00B6EB4F
• GlobalLock.KERNEL32(00000000), ref: 00B6EB87
• CloseClipboard.USER32 ref: 00B6EB91
• GlobalUnlock.KERNEL32(00000000), ref: 00B6EBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 00B6EBC9
• GetClipboardData.USER32(00000001), ref: 00B6EBD1
• GlobalLock.KERNEL32(00000000), ref: 00B6EBE2
• GlobalUnlock.KERNEL32(00000000), ref: 00B6EC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 00B6EC38
• GetClipboardData.USER32(0000000F), ref: 00B6EC44
• GlobalLock.KERNEL32(00000000), ref: 00B6EC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00B6EC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B6EC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B6ECD2
• GlobalUnlock.KERNEL32(00000000), ref: 00B6ECF3
• CountClipboardFormats.USER32 ref: 00B6ED14
• CloseClipboard.USER32 ref: 00B6ED59
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: e6ef491f6c989464b0ff9eb81bb920cabb8fe3c946f0cd8dd4bda36c16106339
• Instruction ID: e049f88601fe51c0e23ba87414b0913575a32b2a97cb4e2197b2b8996d9f0f35
• Opcode Fuzzy Hash: e6ef491f6c989464b0ff9eb81bb920cabb8fe3c946f0cd8dd4bda36c16106339
• Instruction Fuzzy Hash: A261FF79204205AFD300EF60D888F7A7BE4EF84744F1845A9F566872A2DF35DD05CBA2
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00B669BE
• FindClose.KERNEL32(00000000), ref: 00B66A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B66A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B66A75
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00B66AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00B66ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: 85af25cc84a37daf61df59cd6d15f7b3e8197fefccaef48404c250ccb6b6c506
• Instruction ID: 6b12508aee3b8a6d2ab5037753e1372289240e98c05f41cc6f955b4cea3687ad
• Opcode Fuzzy Hash: 85af25cc84a37daf61df59cd6d15f7b3e8197fefccaef48404c250ccb6b6c506
• Instruction Fuzzy Hash: E1D14EB2508304AFC314EBA5C992EBBB7ECAF88704F04495DF685C7191EB74DA44CB62
APIs
• FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00B69663
• GetFileAttributesW.KERNEL32(?), ref: 00B696A1
• SetFileAttributesW.KERNEL32(?,?), ref: 00B696BB
• FindNextFileW.KERNEL32(00000000,?), ref: 00B696D3
• FindClose.KERNEL32(00000000), ref: 00B696DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 00B696FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 00B6974A
• SetCurrentDirectoryW.KERNEL32(00BB6B7C), ref: 00B69768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00B69772
• FindClose.KERNEL32(00000000), ref: 00B6977F
• FindClose.KERNEL32(00000000), ref: 00B6978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1409584000-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 016a6783d402367746ed227cf6819cfe79083d4a7316d49563bde262dff0c192
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 946342f320d43ad72318a37368925cf2fffed63556650d832e8118a0030b3c77
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 016a6783d402367746ed227cf6819cfe79083d4a7316d49563bde262dff0c192
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9131A272541219AADF24AFB4EC49AEE77ECDF49320F1041E5E815E30A0DB78DE44CB64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00B697BE
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?), ref: 00B69819
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00B69824
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(*.*,?), ref: 00B69840
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B69890
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(00BB6B7C), ref: 00B698AE
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B698B8
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00B698C5
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00B698D5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00B5DB00
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2640511053-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c1fb9ac0ae7efe740e96ef10c4e3e66d9f19496efd35fc401ccffcf4616e5c7c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9465f577e17d7c9dc18b43704a4941c609eeed22ae5c086d13e13f2b77613182
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1fb9ac0ae7efe740e96ef10c4e3e66d9f19496efd35fc401ccffcf4616e5c7c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6031C372500619AADB24AFB4EC49AEE77ECDF4A360F1041D5E810A30E0DB78DE85CB64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5E199: GetFileAttributesW.KERNEL32(?,00B5CF95), ref: 00B5E19A
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00B5D122
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00B5D1DD
                                                                                                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00B5D1F0
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B5D20D
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B5D237
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00B5D21C,?,?), ref: 00B5D2B2
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?), ref: 00B5D253
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00B5D264
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1946585618-1173974218
• Opcode ID: 977464341b929ce36b653514787c1635b3e97fe9cefe3ec46757ec386a188fa8
• Instruction ID: a8f1f7b249cda3d5a9a685ba7fb6b692839716bcd8538d5c9a7ceb3397d707e3
• Opcode Fuzzy Hash: 977464341b929ce36b653514787c1635b3e97fe9cefe3ec46757ec386a188fa8
• Instruction Fuzzy Hash: FE617C7180110D9ACF15EBE0CA92AFDBBB5AF14341F2042A5F906771A1EB31AF09CB61
APIs
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: 5433407bb10da5f8f80e445b4411f1429ec4f6d996877a3aa442dd1c1499e4f5
• Instruction ID: 26fae0efa0d8feef5c625ab7652896a4fdce9f11e8ee0f5c471902ed257d12c9
• Opcode Fuzzy Hash: 5433407bb10da5f8f80e445b4411f1429ec4f6d996877a3aa442dd1c1499e4f5
• Instruction Fuzzy Hash: F1418275604611AFE710DF15D888F19BBE5FF44328F14C4A9E4258B672DB7AEC41CB90
APIs
  • Part of subcall function 00B516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B5170D
  • Part of subcall function 00B516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B5173A
  • Part of subcall function 00B516C3: GetLastError.KERNEL32 ref: 00B5174A
• ExitWindowsEx.USER32(?,00000000), ref: 00B5E932
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: b1f334a8c99f003868678a69e132afa01826d7c28ee42bba2fa55f47cd7a7492
• Instruction ID: 678701d1671912c8525f3ec257a5603e844c57bf1a7e8a58642044120f175346
• Opcode Fuzzy Hash: b1f334a8c99f003868678a69e132afa01826d7c28ee42bba2fa55f47cd7a7492
• Instruction Fuzzy Hash: 7C0144726102116FEB1826749C86FBF72DCD714742F1404D2FC23E30D1D6709D4882A0
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00B71276
• WSAGetLastError.WSOCK32 ref: 00B71283
• bind.WSOCK32(00000000,?,00000010), ref: 00B712BA
• WSAGetLastError.WSOCK32 ref: 00B712C5
• closesocket.WSOCK32(00000000), ref: 00B712F4
• listen.WSOCK32(00000000,00000005), ref: 00B71303
• WSAGetLastError.WSOCK32 ref: 00B7130D
• closesocket.WSOCK32(00000000), ref: 00B7133C
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: 1a349c2b9cd61218d248740c106cf01ac57c4b782bee2b7ef5279e5b116e7eff
• Instruction ID: cf7ae4675b13b390c4642ed3b514ec605dde16c59cc48645cd7ae7e3a55722bf
• Opcode Fuzzy Hash: 1a349c2b9cd61218d248740c106cf01ac57c4b782bee2b7ef5279e5b116e7eff
• Instruction Fuzzy Hash: 57416E71600101AFD710DF68C588B29BBE5EF46318F18C588E96A9F2A3C771ED85CBB1
APIs
• _free.LIBCMT ref: 00B2B9D4
• _free.LIBCMT ref: 00B2B9F8
• _free.LIBCMT ref: 00B2BB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B93700), ref: 00B2BB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,00BC121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B2BC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00BC1270,000000FF,?,0000003F,00000000,?), ref: 00B2BC36
• _free.LIBCMT ref: 00B2BD4B
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 314583886-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 90d6ca3a9fb950703a7927f560a16cf5e2b63535a11f42f49900be9873c9350f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e2c7eefdea099c1d2db3ce3727fa473558619d2b6ca8d99b366b1e964186fae9
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 90d6ca3a9fb950703a7927f560a16cf5e2b63535a11f42f49900be9873c9350f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2EC11571904225AFCB24DF68AC41FAABBF8EF46310F1445EAE499DB252EF309E41C750
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5E199: GetFileAttributesW.KERNEL32(?,00B5CF95), ref: 00B5E19A
                                                                                                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?), ref: 00B5D420
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B5D470
                                                                                                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B5D481
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00B5D498
                                                                                                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00B5D4A1
                                                                                                                                                                                                                                                                                                                                                                                Strings
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
• Opcode ID: 5492c2529fa53b42471f0432fe64a8685c40d34d06fd67571892e26d9cc6d5c1
• Instruction ID: 4aae4b5ebb2e341d8387c4e3c5446f96bfdd70d5b40c2e52a07fdfd425f4981f
• Opcode Fuzzy Hash: 5492c2529fa53b42471f0432fe64a8685c40d34d06fd67571892e26d9cc6d5c1
• Instruction Fuzzy Hash: FD31A2710083459BC311EFA4C9919BF77E8AE91341F404A5DF9D5932A1EB30AA0DCB63
APIs
Strings
Similarity
• API ID: __floor_pentium4
• String ID: 1#IND$1#INF$1#QNAN$1#SNAN
• API String ID: 4168288129-2761157908
• Opcode ID: 419c270dcd2b39a12e1a163b5d89a722d058a1e132158b6979224bf6e8ae0934
• Instruction ID: 6bfbc632e2f65db67431cd649399e27cde1508eb1c3a8495290dbf0bd99dc648
• Opcode Fuzzy Hash: 419c270dcd2b39a12e1a163b5d89a722d058a1e132158b6979224bf6e8ae0934
• Instruction Fuzzy Hash: 32C23A71E086298FDB25CE29ED807EAB7F5EB49305F1441EAD85DE7240E774AE818F40
APIs
• _wcslen.LIBCMT ref: 00B664DC
• CoInitialize.OLE32(00000000), ref: 00B66639
• CoCreateInstance.OLE32(00B8FCF8,00000000,00000001,00B8FB68,?), ref: 00B66650
• CoUninitialize.OLE32 ref: 00B668D4
Strings
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 886957087-24824748
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ec2e5cbdb80741b7e3e2a97f706df538495b6aca86ebc0457654793afedf2f34
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 418fe98a045b062e1934a801d97cbdf300be2d0e11288d59813e43994a16c067
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec2e5cbdb80741b7e3e2a97f706df538495b6aca86ebc0457654793afedf2f34
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8ED13971508305AFC314EF64C981A6BB7E8FF98704F14496DF5968B2A1EB70ED05CBA2
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 00B722E8
  • Part of subcall function 00B6E4EC: GetWindowRect.USER32(?,?), ref: 00B6E504
• GetDesktopWindow.USER32 ref: 00B72312
• GetWindowRect.USER32(00000000), ref: 00B72319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B72355
• GetCursorPos.USER32(?), ref: 00B72381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B723DF
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 1fa09a82ad2627e1f57604d527431b66cf5b4115743618b682f73f084573a420
• Instruction ID: b9e699c2cabd6e165278ada198738f4e1f2c7abf9046a7adb490d9db55790be0
• Opcode Fuzzy Hash: 1fa09a82ad2627e1f57604d527431b66cf5b4115743618b682f73f084573a420
• Instruction Fuzzy Hash: 8931E372504315AFDB20DF14D845F9BBBEAFF84310F004959F99997191DB34EA08CBA6
APIs
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00B69B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00B69C8B
  • Part of subcall function 00B63874: GetInputState.USER32 ref: 00B638CB
  • Part of subcall function 00B63874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B63966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00B69BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00B69C75
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: a9fee4d7c6d8348740ad130fa77a147e68090312e7dcf6c822e4b16f8a19f61b
• Instruction ID: dc840e34dbf2f88d2cc089f4d441c1dbb72d54454a0313f854e0c87a3aeec201
• Opcode Fuzzy Hash: a9fee4d7c6d8348740ad130fa77a147e68090312e7dcf6c822e4b16f8a19f61b
• Instruction Fuzzy Hash: 8B41717190420AAFCF55DFA4C985AEEBBF8EF05350F244195F905A31A1EB349E84CFA0
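The two function records above (the mouse_event chain and the FindFirstFileW/FindNextFileW loop over "*.*") are the kind of per-function API listing an analyst wants to triage mechanically rather than by eye. The following is an added example, not code from Joe Sandbox or from the sample; it parses the report's own "APIs" line format, decodes the mouse_event dwFlags value 0x8001 against the MOUSEEVENTF_* constants from the Windows SDK (winuser.h), and applies two heuristics that are this example's assumption, not a signature from the report: a window-geometry or cursor query followed by mouse_event (program-driven cursor movement), and a wildcard FindFirstFileW paired with FindNextFileW (directory enumeration). The sample input is the report lines copied verbatim.

```python
"""Parse Joe Sandbox-style per-function "APIs" lines and flag behaviours.

Added illustrative code, not part of the Joe Sandbox report or its tooling.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the "APIs" lines of two function records from the
# report above, copied as-is (bullets, nesting, and "ref:" addresses included).
MOUSE_FUNCTION_LINES = """\
• GetForegroundWindow.USER32(?,?,00000000), ref: 00B722E8
  • Part of subcall function 00B6E4EC: GetWindowRect.USER32(?,?), ref: 00B6E504
• GetDesktopWindow.USER32 ref: 00B72312
• GetWindowRect.USER32(00000000), ref: 00B72319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B72355
• GetCursorPos.USER32(?), ref: 00B72381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B723DF
"""

FILEFIND_FUNCTION_LINES = """\
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00B69B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00B69C8B
  • Part of subcall function 00B63874: GetInputState.USER32 ref: 00B638CB
  • Part of subcall function 00B63874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B63966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00B69BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00B69C75
"""

# One report line: optional "Part of subcall function <addr>:", then
# Api.MODULE, optional "(args)", then "ref: <addr>".
_LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>.*?)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                      # int for hex literals, None for '?', str otherwise
    ref: int                        # address of the call site
    subcall_of: Optional[int] = None  # set when the report nests it under a subcall


def _parse_arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None                 # value unknown to the static analysis
    try:
        return int(tok, 16)         # report prints integers as 8-digit hex
    except ValueError:
        return tok                  # string literal such as *.*


def parse_api_lines(text: str) -> list[ApiCall]:
    calls = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparsed report line: {line!r}")
        raw = m.group("args")
        calls.append(ApiCall(
            api=m.group("api"), module=m.group("mod"),
            args=[_parse_arg(a) for a in raw.split(",")] if raw else [],
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls


# MOUSEEVENTF_* bit values as defined in winuser.h.
MOUSEEVENTF = {
    0x0001: "MOUSEEVENTF_MOVE", 0x0002: "MOUSEEVENTF_LEFTDOWN", 0x0004: "MOUSEEVENTF_LEFTUP",
    0x0008: "MOUSEEVENTF_RIGHTDOWN", 0x0010: "MOUSEEVENTF_RIGHTUP",
    0x0020: "MOUSEEVENTF_MIDDLEDOWN", 0x0040: "MOUSEEVENTF_MIDDLEUP",
    0x0080: "MOUSEEVENTF_XDOWN", 0x0100: "MOUSEEVENTF_XUP",
    0x0800: "MOUSEEVENTF_WHEEL", 0x1000: "MOUSEEVENTF_HWHEEL",
    0x2000: "MOUSEEVENTF_MOVE_NOCOALESCE", 0x4000: "MOUSEEVENTF_VIRTUALDESK",
    0x8000: "MOUSEEVENTF_ABSOLUTE",
}


def decode_mouse_event_flags(flags: int) -> list[str]:
    """Expand a mouse_event dwFlags value into its MOUSEEVENTF_* names."""
    names = [n for bit, n in sorted(MOUSEEVENTF.items()) if flags & bit]
    leftover = flags & ~sum(MOUSEEVENTF)
    if leftover:
        names.append(f"UNKNOWN_0x{leftover:X}")
    return names


def mouse_event_flags(calls: list[ApiCall]) -> list[tuple[int, list[str]]]:
    """(call-site, decoded flags) for every mouse_event whose dwFlags is a known literal."""
    return [(c.ref, decode_mouse_event_flags(c.args[0]))
            for c in calls if c.api == "mouse_event" and c.args and isinstance(c.args[0], int)]


def synthetic_mouse_input(calls: list[ApiCall]) -> bool:
    """Heuristic (this example's assumption): geometry/cursor query, then mouse_event."""
    seen_geometry = False
    for c in calls:
        if c.api in ("GetWindowRect", "GetCursorPos"):
            seen_geometry = True
        elif c.api == "mouse_event" and seen_geometry:
            return True
    return False


def wildcard_directory_walk(calls: list[ApiCall]) -> bool:
    """Heuristic (this example's assumption): FindFirstFileW on *.* plus FindNextFileW."""
    wildcard_first = any(c.api == "FindFirstFileW" and "*.*" in c.args for c in calls)
    return wildcard_first and any(c.api == "FindNextFileW" for c in calls)


if __name__ == "__main__":
    for label, text in (("mouse", MOUSE_FUNCTION_LINES), ("filefind", FILEFIND_FUNCTION_LINES)):
        calls = parse_api_lines(text)
        print(label, "synthetic_mouse_input:", synthetic_mouse_input(calls),
              "wildcard_directory_walk:", wildcard_directory_walk(calls))
        for ref, names in mouse_event_flags(calls):
            print(f"  mouse_event at {ref:08X}: {'|'.join(names)}")
```

The decoder shows that 0x8001 is MOUSEEVENTF_MOVE combined with MOUSEEVENTF_ABSOLUTE, so both call sites move the cursor to absolute screen coordinates rather than emitting clicks; the GetWindowRect and GetCursorPos calls just before them supply those coordinates. The "?" arguments are unresolved by the static pass, so anything keyed on dx/dy must come from a dynamic trace.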
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,?,?,?,?), ref: 00B09A4E
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00B09B23
                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00B09B36
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
APIs
  • Part of subcall function 00B7304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B7307A
  • Part of subcall function 00B7304E: _wcslen.LIBCMT ref: 00B7309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B7185D
• WSAGetLastError.WSOCK32 ref: 00B71884
• bind.WSOCK32(00000000,?,00000010), ref: 00B718DB
• WSAGetLastError.WSOCK32 ref: 00B718E6
• closesocket.WSOCK32(00000000), ref: 00B71915
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Similarity
• API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
• String ID:
• API String ID: 1601658205-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Similarity
• API ID:
• String ID: ERCP$VUUU$VUUU$VUUU$VUUU
• API String ID: 0-1546025612
APIs
• GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00B5AAAC
• SetKeyboardState.USER32(00000080), ref: 00B5AAC8
• PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00B5AB36
• SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00B5AB88
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 432972143-0
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 00B6CE89
• GetLastError.KERNEL32(?,00000000), ref: 00B6CEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 00B6CEFE
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 00B582AA
Strings
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00B65CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 00B65D17
• FindClose.KERNEL32(?), ref: 00B65D5F
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: efff4bc8633602eae54a3cc74057ca7cbd4cfd3a0f3203c3cd6717254ce7ae7b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7a10d93bfd5c2dff21a265495837d7471ecaecb84db1ccfa48cdda87d32e65b3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: efff4bc8633602eae54a3cc74057ca7cbd4cfd3a0f3203c3cd6717254ce7ae7b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 44519B75604A019FC724CF28C494EAAB7E4FF49324F1485ADE95A8B3A2CB34ED54CF91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 00B2271A
                                                                                                                                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B22724
                                                                                                                                                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 00B22731
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 516e13c56b78db879818a92fd3dd43322c3d7b5423152f77ef8114d61781e973
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bf63d268b5137afc7b78e5d1e457681b2987f71998cc1e95e26d3734fb8d2897
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 516e13c56b78db879818a92fd3dd43322c3d7b5423152f77ef8114d61781e973
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE31B475911228ABCB21DF64DC897D9BBF8AF08310F5041EAE41CA7261EB709F818F55
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00B651DA
                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00B65238
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00B652A1
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1682464887-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: abe0606b7602dcc32ffdb9dc957efa3007529712548e4a9c9387d7b9f0268225
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b395d08ccd609f4ffe18ee7976c8ebb09aec9c8b55fd3853bfd5dc4f4f28c078
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: abe0606b7602dcc32ffdb9dc957efa3007529712548e4a9c9387d7b9f0268225
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 12313A75A006189FDB00DF95D894AADBBF4FF48314F048099E905AB3A2DB35E856CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B0FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B10668
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B0FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B10685
                                                                                                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B5170D
                                                                                                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B5173A
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00B5174A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 577356006-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a00f063692d84b6085f39245c314938df3fffc23b5d5eca1dd3915e8580d5960
• Instruction ID: 66ac4b1aecf6fa4dae9f9a1dd6c1e6334acf2665a2d2573d69ace6a92a86737a
• Opcode Fuzzy Hash: a00f063692d84b6085f39245c314938df3fffc23b5d5eca1dd3915e8580d5960
• Instruction Fuzzy Hash: 3D1104B1500305AFD7189F68DCC6E6BBBF9EB44751B2085AEE45653241EB70BC41CB20
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00B5D608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00B5D645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00B5D650
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
• Opcode ID: 298248dff1f2742db271c5e8b2dd11b830675d54938e2176553324bf113fd327
• Instruction ID: 91a408fec3ffea55ac696fe8c91965950b4ae80d71e187d8b666950f33784f6d
• Opcode Fuzzy Hash: 298248dff1f2742db271c5e8b2dd11b830675d54938e2176553324bf113fd327
• Instruction Fuzzy Hash: 5D113CB5E05228BBDB208F95DC85FAFBFBCEB45B50F108155F904E7290D6704A06CBA1
APIs
• AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00B5168C
• CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00B516A1
• FreeSid.ADVAPI32(?), ref: 00B516B1
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AllocateCheckFreeInitializeMembershipToken
• String ID:
• API String ID: 3429775523-0
• Opcode ID: a07c7c3faef52f14b1d169d77634cd4f952655052a2efed45127f9f9773b90ff
• Instruction ID: 83fa9437c4781fc1e4295d2aa5f001f360e7505c9aecc5045cea4a17b0a59f89
• Opcode Fuzzy Hash: a07c7c3faef52f14b1d169d77634cd4f952655052a2efed45127f9f9773b90ff
• Instruction Fuzzy Hash: 37F044B1940308FBDB00CFE4DC89EAEBBBCEB08240F1048A0E900E2190E730AA048B60
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: /
• API String ID: 0-2043925204
• Opcode ID: 0fcbc1130e4b7bd810e750beeba2a8579e716ace78aa15d9129932b508c88d4a
• Instruction ID: 6bd69744bf96f1cb759eb194155a35e1519ed987d35c8dee3d6d86c02c19b4bb
• Opcode Fuzzy Hash: 0fcbc1130e4b7bd810e750beeba2a8579e716ace78aa15d9129932b508c88d4a
• Instruction Fuzzy Hash: EB413A72500228AFCB20DFB9EC48EAF7BF8EB84314F5046A9F919C7180E6709D41CB54
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction ID: 9284802d138a49b18004f48250af1c3457f5fa6d89da8de9bd8c8dfc34d8832d
• Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
• Instruction Fuzzy Hash: 3D022D72E402199BDF14CFA9D8806EDFBF1EF48314F6581A9D819E7384D730AE458B84
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00B66918
• FindClose.KERNEL32(00000000), ref: 00B66961
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5807b17f770e780e3ac308cca87a359eeed3a0a1943c34335f19a1bc6d2d8afd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c4683735ec4823df518d9ca5351fcf0e7bc2291984729597dcc75cc7b5a68d1d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5807b17f770e780e3ac308cca87a359eeed3a0a1943c34335f19a1bc6d2d8afd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A11D3716042059FC710CF69C484A26BBE4FF88328F04C699F8698F2A2CB34EC05CB90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B74891,?,?,00000035,?), ref: 00B637E4
                                                                                                                                                                                                                                                                                                                                                                                • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00B74891,?,?,00000035,?), ref: 00B637F4
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorFormatLastMessage
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3479602957-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d5458f264b60d504755cd66a33cac50d6fae12e94fcf308fd4e07a9346b2da8c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 394480113c11033d4672b4682dfbfd148aecce409739f4050065f322b33619f0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5458f264b60d504755cd66a33cac50d6fae12e94fcf308fd4e07a9346b2da8c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BBF0E5B06042282AE72017B69C4DFEB3AEEEFC4B61F0001A5F509D3291D9709D04C7B1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00B5B25D
                                                                                                                                                                                                                                                                                                                                                                                • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00B5B270
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: InputSendkeybd_event
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3536248340-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f24255c218f4aae51466634125c21c64389f0d2336d372998cf3b1f79cde9192
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b5f314dc23a3808cde68b318d44fee4af5b26b25333cbef4da3de5aad47b1a65
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f24255c218f4aae51466634125c21c64389f0d2336d372998cf3b1f79cde9192
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34F01D7580424DABDF059FA0C806BEE7FB4FF04305F008049F965A61A1C779C615DFA4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B511FC), ref: 00B510D4
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,00B511FC), ref: 00B510E9
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 81990902-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4f36dba4dbf63b6c36e333d58416b6517b9c20e298e0f07aa1898704763ba574
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c134a23139087b0e2cf851dbe443a836ca7b9f4e28a2448e27ceda129f6bbb81
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f36dba4dbf63b6c36e333d58416b6517b9c20e298e0f07aa1898704763ba574
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E9E04F72004601AEE7252B61FC05F737BE9EB04310B24896DF4A5814F1DB72AC90DB64
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                • Variable is not of type 'Object'., xrefs: 00B40C40
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Variable is not of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-1840281001
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 62f639dc1a88abb3fcc99c0551879ad93845510cd95e361e555bd1cfe741cc3e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5dc11e54600cb23855bc692222f0fd4ae8d899939c183ef10f963a1e6893333f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 62f639dc1a88abb3fcc99c0551879ad93845510cd95e361e555bd1cfe741cc3e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5832487091021CDBCF14EF95CA81AFDB7B5FF04314F1440A9FA06AB292DB75AA46DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00B26766,?,?,00000008,?,?,00B2FEFE,00000000), ref: 00B26998
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0806544911b6ca815c7d9e81cbbca5f62f37913972e1ac25a6f8ad92051e5ad4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 84eb170f5f8d0a98ade3885d422be61503377d2097b76b3d6b1dd491edc1f291
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0806544911b6ca815c7d9e81cbbca5f62f37913972e1ac25a6f8ad92051e5ad4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 86B16B31610618DFD719CF28D48AB657BE0FF09364F258699E89DCF2A2C735E981CB40
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-3916222277
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e2809b6713cc7bcebb7c90a718f4af9a7b0997568e69ed7a368e640cb87ce944
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 10c970aa8f0da59374b6da3a8ece27bef879a0207b4e57f11169d60d4460f1d4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2809b6713cc7bcebb7c90a718f4af9a7b0997568e69ed7a368e640cb87ce944
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 021240719002299FDB14CF58C881AEEBBF5FF48710F14819AE849EB295DB349E81DF94
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • BlockInput.USER32(00000001), ref: 00B6EABD
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00B103EE), ref: 00B109DA
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b5256317f7f667785c5be3b16a81697e0c6175ca57f9ca4565b401f8f0da8a1f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 839f0da189c2e83d487b7290860e52efb9a3c62af3ea15b3ded8e8f9c233d937
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b5256317f7f667785c5be3b16a81697e0c6175ca57f9ca4565b401f8f0da8a1f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F1321331A011198BDF78CF28C4D067D7FE1EB45B44F2986EAD44A9B296D730DE81EB81
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7e2d800e7cb01d7d95e9d8a0d28980c4ac2f513a1a4ce4ec7cdce88505688f2f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e36e717f2cfdb29f3f000184c5da2cc444849d5343f63a14fb0961560732dc4c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e2d800e7cb01d7d95e9d8a0d28980c4ac2f513a1a4ce4ec7cdce88505688f2f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F422B170A0460ADFDF24DFA4C981ABEB7F6FF44300F204669E816A7291EB35AD55CB50
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5927ee257dab3697a895efb9c323595157038e9b96662834598c24276c0b28bb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d6635372c662c336636f8d1a19a5cc588007c48060a2b072f82da4c848d5c839
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5927ee257dab3697a895efb9c323595157038e9b96662834598c24276c0b28bb
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C102B7B1A0010AEBDB14DF54D881AAEB7F1FF44300F6081A9F9169B2D0EB31EE51CB91
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 93cb6ff6964332b23c720fd7292ceed9a2e19fe3a3f5ea4be868a87846f938aa
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D99187732090A34ADB29467E95740BEFFE1DA923A135A0FEDD5F2CE1C5FE108994D620
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
• String ID:
• API String ID:
• Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction ID: 9819255dbf2e75f49d61a314916f99b2e955ccdc52a6fbe1bc723c9ab93a583b
• Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction Fuzzy Hash: AF91747220D0A34ADB2D427E85740BEFFE19A923A135A0BDDD5F2CA1C1FD24C5E5D620
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9d0e5ae55da7e4ac2088e2de5c86f57b84fa90af5b5319ff9bc8eaefe195dc3c
• Instruction ID: c3220ba42d46e3eaeb76a13fac55f3269ac74887784da06285186e8470ec9c74
• Opcode Fuzzy Hash: 9d0e5ae55da7e4ac2088e2de5c86f57b84fa90af5b5319ff9bc8eaefe195dc3c
• Instruction Fuzzy Hash: 456145712DC709A6DA349A2889B5BFF23F5EF41700FE409DAE842DB281DF119EC28355
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 805e5f7d33655fd202e7fef70c5e97e15e2f54d82864dd899dcdce826b8859f6
• Instruction ID: 6d2caac7371b05743e3ba15899ad43cfcad7038f05c0819739fe2b769a02e493
• Opcode Fuzzy Hash: 805e5f7d33655fd202e7fef70c5e97e15e2f54d82864dd899dcdce826b8859f6
• Instruction Fuzzy Hash: DF615CB22CC70D57DE349A286895BFE23F9EF41704FE009E9E843DB281DE119DC28255
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction ID: 841a5c53a383310f40cfbd8a1fdbee03475625d0da2f7a737275ab19b9fe0a4f
• Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
• Instruction Fuzzy Hash: CC8197726090A34DDB6D823E85740BEFFE19A923E135A4BDDD5F2CB1C1EE24C994D620
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 956619e9c1c2102150d93a17fba9621a1e51b7bf223d6dbfe2b2f71d39f9af93
• Instruction ID: 6dcccbfc1aa0644dd32f9cd2260fee8f7f6b882b43c8530f3a972c06a2f0e4a0
• Opcode Fuzzy Hash: 956619e9c1c2102150d93a17fba9621a1e51b7bf223d6dbfe2b2f71d39f9af93
• Instruction Fuzzy Hash: 3C21B7326206158BD728CF79C82367E73E5E754310F15866EE4A7C37D0DE39A904CB90
APIs
• DeleteObject.GDI32(00000000), ref: 00B72B30
• DeleteObject.GDI32(00000000), ref: 00B72B43
• DestroyWindow.USER32 ref: 00B72B52
• GetDesktopWindow.USER32 ref: 00B72B6D
• GetWindowRect.USER32(00000000), ref: 00B72B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00B72CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00B72CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72CF8
• GetClientRect.USER32(00000000,?), ref: 00B72D04
                                                                                                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B72D40
                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D62
                                                                                                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D75
                                                                                                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D80
                                                                                                                                                                                                                                                                                                                                                                                • GlobalLock.KERNEL32(00000000), ref: 00B72D89
                                                                                                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D98
                                                                                                                                                                                                                                                                                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 00B72DA1
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72DA8
                                                                                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00B72DB3
                                                                                                                                                                                                                                                                                                                                                                                • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72DC5
                                                                                                                                                                                                                                                                                                                                                                                • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B8FC38,00000000), ref: 00B72DDB
                                                                                                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00B72DEB
                                                                                                                                                                                                                                                                                                                                                                                • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00B72E11
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00B72E30
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72E52
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B7303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
APIs
• SetTextColor.GDI32(?,00000000), ref: 00B8712F
• GetSysColorBrush.USER32(0000000F), ref: 00B87160
• GetSysColor.USER32(0000000F), ref: 00B8716C
• SetBkColor.GDI32(?,000000FF), ref: 00B87186
• SelectObject.GDI32(?,?), ref: 00B87195
• InflateRect.USER32(?,000000FF,000000FF), ref: 00B871C0
• GetSysColor.USER32(00000010), ref: 00B871C8
• CreateSolidBrush.GDI32(00000000), ref: 00B871CF
• FrameRect.USER32(?,?,00000000), ref: 00B871DE
• DeleteObject.GDI32(00000000), ref: 00B871E5
• InflateRect.USER32(?,000000FE,000000FE), ref: 00B87230
• FillRect.USER32(?,?,?), ref: 00B87262
• GetWindowLongW.USER32(?,000000F0), ref: 00B87284
  • Part of subcall function 00B873E8: GetSysColor.USER32(00000012), ref: 00B87421
  • Part of subcall function 00B873E8: SetTextColor.GDI32(?,?), ref: 00B87425
  • Part of subcall function 00B873E8: GetSysColorBrush.USER32(0000000F), ref: 00B8743B
  • Part of subcall function 00B873E8: GetSysColor.USER32(0000000F), ref: 00B87446
  • Part of subcall function 00B873E8: GetSysColor.USER32(00000011), ref: 00B87463
  • Part of subcall function 00B873E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B87471
  • Part of subcall function 00B873E8: SelectObject.GDI32(?,00000000), ref: 00B87482
  • Part of subcall function 00B873E8: SetBkColor.GDI32(?,00000000), ref: 00B8748B
  • Part of subcall function 00B873E8: SelectObject.GDI32(?,?), ref: 00B87498
  • Part of subcall function 00B873E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00B874B7
  • Part of subcall function 00B873E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B874CE
  • Part of subcall function 00B873E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00B874DB
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 14ae08918e2be89182c1a0e64f941429a99a45dcb256d872eac51e0bdcb89992
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e2019baf3c728ab5839f19aef2a0a3f613c5f8c123424b274527aaf09bdd3bc7
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 14ae08918e2be89182c1a0e64f941429a99a45dcb256d872eac51e0bdcb89992
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4A184B2008302AFDB11AF64DC49E5B7BE9FB49324F200A19F562A71F1DB75D944CB61
APIs
• DestroyWindow.USER32(?,?), ref: 00B08E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 00B46AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00B46AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00B46F43
  • Part of subcall function 00B08F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B08BE8,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B08FC5
• SendMessageW.USER32(?,00001053), ref: 00B46F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00B46F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00B46FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 00B46FB7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
• String ID: 0
• API String ID: 2760611726-4108050209
• Opcode ID: 26cc13914ca28ca409f981e8689db4174cbe763b3634e623ef8937bd23a8cc5d
• Instruction ID: 9d99cd973f25b4b8e37e84be810dca7f0f34da70592ce945455ebe49106ac94b
• Opcode Fuzzy Hash: 26cc13914ca28ca409f981e8689db4174cbe763b3634e623ef8937bd23a8cc5d
• Instruction Fuzzy Hash: 5212BF70600211DFDB25CF28D884BA5BBE1FB4A300F5444A9F585DB2A2CB31EE52EB52
APIs
• DestroyWindow.USER32(00000000), ref: 00B7273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B7286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00B728A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00B728B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00B72900
• GetClientRect.USER32(00000000,?), ref: 00B7290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00B72955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B72964
• GetStockObject.GDI32(00000011), ref: 00B72974
• SelectObject.GDI32(00000000,00000000), ref: 00B72978
• GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00B72988
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B72991
• DeleteDC.GDI32(00000000), ref: 00B7299A
• CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B729C6
• SendMessageW.USER32(00000030,00000000,00000001), ref: 00B729DD
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00B72A1D
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B72A31
• SendMessageW.USER32(00000404,00000001,00000000), ref: 00B72A42
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00B72A77
• GetStockObject.GDI32(00000011), ref: 00B72A82
• SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B72A8D
• ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00B72A97
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
• String ID: AutoIt v3$DISPLAY$msctls_progress32$static
• API String ID: 2910397461-517079104
• Opcode ID: 40456ac68876d3c778d9b7caa5e41ce42a52a4299a7e896ebc21372bc3f1599e
• Instruction ID: 8f807252c03ca81733ae7af662504ce3b8aec39c85afb35ec61ffc5bbf95f62a
• Opcode Fuzzy Hash: 40456ac68876d3c778d9b7caa5e41ce42a52a4299a7e896ebc21372bc3f1599e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5AB151B1A00205AFEB14DFA8CD85FAE7BB9EB48714F008554F915E72A1DB74ED40CBA4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00B64AED
                                                                                                                                                                                                                                                                                                                                                                                • GetDriveTypeW.KERNEL32(?,00B8CB68,?,\\.\,00B8CC08), ref: 00B64BCA
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00B8CB68,?,\\.\,00B8CC08), ref: 00B64D36
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$DriveType
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2907320926-4222207086
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f85aca9ff2940195c23bb0921cd4859b1db84e5b7f47d6baa809d4a765373722
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 3683d80dc21bd35714aa932537e8567cedda2c47c8d0ace4b6cc10ec5f40fd93
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f85aca9ff2940195c23bb0921cd4859b1db84e5b7f47d6baa809d4a765373722
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B461B17160590AABCB04DF68CAC19BD7BE0EF05340B2444E5F80AAB7A1DBBDED41DB51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00B87421
                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00B87425
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColorBrush.USER32(0000000F), ref: 00B8743B
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(0000000F), ref: 00B87446
                                                                                                                                                                                                                                                                                                                                                                                • CreateSolidBrush.GDI32(?), ref: 00B8744B
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 00B87463
                                                                                                                                                                                                                                                                                                                                                                                • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B87471
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,00000000), ref: 00B87482
                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,00000000), ref: 00B8748B
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00B87498
                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FF,000000FF), ref: 00B874B7
                                                                                                                                                                                                                                                                                                                                                                                • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B874CE
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(00000000,000000F0), ref: 00B874DB
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B8752A
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B87554
                                                                                                                                                                                                                                                                                                                                                                                • InflateRect.USER32(?,000000FD,000000FD), ref: 00B87572
                                                                                                                                                                                                                                                                                                                                                                                • DrawFocusRect.USER32(?,?), ref: 00B8757D
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000011), ref: 00B8758E
                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00B87596
                                                                                                                                                                                                                                                                                                                                                                                • DrawTextW.USER32(?,00B870F5,000000FF,?,00000000), ref: 00B875A8
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00B875BF
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00B875CA
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00B875D0
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00B875D5
                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00B875DB
                                                                                                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 00B875E5
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1996641542-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 314aa8e781f72aaa473f035dab656c0f30244473ffca271d11d322618f83849b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4265c3900008a6c068b6f72a761099235cec1612577e4c91de83542a1d459d54
• Opcode Fuzzy Hash: 314aa8e781f72aaa473f035dab656c0f30244473ffca271d11d322618f83849b
• Instruction Fuzzy Hash: FB6152B1900219AFDF01AFA4DC49EEE7FB9EB08320F254155F915B72B1DB749940CBA0
APIs
• GetCursorPos.USER32(?), ref: 00B81128
• GetDesktopWindow.USER32 ref: 00B8113D
• GetWindowRect.USER32(00000000), ref: 00B81144
• GetWindowLongW.USER32(?,000000F0), ref: 00B81199
• DestroyWindow.USER32(?), ref: 00B811B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B811ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B8120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B8121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00B81232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00B81245
• IsWindowVisible.USER32(00000000), ref: 00B812A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00B812BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00B812D0
• GetWindowRect.USER32(00000000,?), ref: 00B812E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 00B8130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00B81328
• CopyRect.USER32(?,?), ref: 00B8133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 00B813AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
• Opcode ID: 6e7d00a34d875f494f5c552d700cbd9c9075cb7459f18a96de8d9a0a08758b50
• Instruction ID: ad8202040d66385ae60b603cedf0b94ab6bb76ee8cb2165846acdc600e3e1a40
• Opcode Fuzzy Hash: 6e7d00a34d875f494f5c552d700cbd9c9075cb7459f18a96de8d9a0a08758b50
• Instruction Fuzzy Hash: 3CB18D71605341AFD710EF68C984B6BBBE8FF84350F008958F99A9B261DB71EC45CBA1
APIs
• CharUpperBuffW.USER32(?,?), ref: 00B802E5
• _wcslen.LIBCMT ref: 00B8031F
• _wcslen.LIBCMT ref: 00B80389
• _wcslen.LIBCMT ref: 00B803F1
• _wcslen.LIBCMT ref: 00B80475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00B804C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B80504
  • Part of subcall function 00B0F9F2: _wcslen.LIBCMT ref: 00B0F9FD
  • Part of subcall function 00B5223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B52258
  • Part of subcall function 00B5223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B5228A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
• API String ID: 1103490817-719923060
• Opcode ID: e7677958e4c180eb8de42898b5b065fd2ecfcc59c39f939c14f575307228699a
• Instruction ID: 5ce1ddb4cdb69a97e6c65bdada36d602e9d2dc6f2b659b2279a1607230ae8d1d
• Opcode Fuzzy Hash: e7677958e4c180eb8de42898b5b065fd2ecfcc59c39f939c14f575307228699a
• Instruction Fuzzy Hash: 09E19B312282018FC754FF24C59197AB7E6FF98394B1449ACF8969B3A1DB30ED49CB91
APIs
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B08968
• GetSystemMetrics.USER32(00000007), ref: 00B08970
• SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B0899B
• GetSystemMetrics.USER32(00000008), ref: 00B089A3
• GetSystemMetrics.USER32(00000004), ref: 00B089C8
• SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00B089E5
• AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00B089F5
• CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00B08A28
• SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00B08A3C
• GetClientRect.USER32(00000000,000000FF), ref: 00B08A5A
• GetStockObject.GDI32(00000011), ref: 00B08A76
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00B08A81
  • Part of subcall function 00B0912D: GetCursorPos.USER32(?), ref: 00B09141
  • Part of subcall function 00B0912D: ScreenToClient.USER32(00000000,?), ref: 00B0915E
  • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000001), ref: 00B09183
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000002), ref: 00B0919D
                                                                                                                                                                                                                                                                                                                                                                                • SetTimer.USER32(00000000,00000000,00000028,00B090FC), ref: 00B08AA8
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                                                • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a73a23cd11d55c696e97d4d8c68aaaffeb4e10cb87a5613d4088e45529247047
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6636dce52b2a88f1e776ea4afe45194695851ffc3b08f6536021f8acc27ceb0b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a73a23cd11d55c696e97d4d8c68aaaffeb4e10cb87a5613d4088e45529247047
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3B15B71A0020A9FDF14DFA8DC85BAA3BF5FB49314F104269FA15A72E0DB74E941CB61
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B51114
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51120
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B5112F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51136
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B5114D
                                                                                                                                                                                                                                                                                                                                                                                • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B50DF5
                                                                                                                                                                                                                                                                                                                                                                                • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B50E29
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00B50E40
                                                                                                                                                                                                                                                                                                                                                                                • GetAce.ADVAPI32(?,00000000,?), ref: 00B50E7A
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B50E96
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?), ref: 00B50EAD
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B50EB5
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00B50EBC
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B50EDD
                                                                                                                                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000), ref: 00B50EE4
                                                                                                                                                                                                                                                                                                                                                                                • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B50F13
                                                                                                                                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B50F35
                                                                                                                                                                                                                                                                                                                                                                                • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B50F47
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50F6E
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50F75
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50F7E
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50F85
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50F8E
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50F95
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,?), ref: 00B50FA1
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B50FA8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B51193: GetProcessHeap.KERNEL32(00000008,00B50BB1,?,00000000,?,00B50BB1,?), ref: 00B511A1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B51193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B50BB1,?), ref: 00B511A8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B51193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B50BB1,?), ref: 00B511B7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1e95c36d3ada9ec54d03ad74121ffe4254c9c1992a5adf1cc910d623cf830e37
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c742436eb75fd4723f77e525b2bf480bf0b491a3e125926c0a613dc871596d6b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e95c36d3ada9ec54d03ad74121ffe4254c9c1992a5adf1cc910d623cf830e37
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 53715EB190020AEBDF20AFA4DC49FAEBBB8FF04341F144195F919A7191DB719909CB70
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7C4BD
                                                                                                                                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00B8CC08,00000000,?,00000000,?,?), ref: 00B7C544
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00B7C5A4
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B7C5F4
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B7C66F
                                                                                                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B7C6B2
                                                                                                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B7C7C1
                                                                                                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B7C84D
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00B7C881
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00B7C88E
                                                                                                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B7C960
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                                                                                                                                                                                                                                                                                • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 9721498-966354055
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d627ef3350df2054cbcfbae70fc461e17965c3f64eefecf42ce2e164d1ce87cf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2b10df347634b4a8beea785e93eb28645aea18263577455a5d5e12008f03d9fa
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d627ef3350df2054cbcfbae70fc461e17965c3f64eefecf42ce2e164d1ce87cf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F1279756042019FC714DF24C981E2ABBE5FF88714F14889CF99A9B3A2DB31ED45CB81
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,?), ref: 00B809C6
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B80A01
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B80A54
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B80A8A
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B80B06
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B80B81
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B0F9F2: _wcslen.LIBCMT ref: 00B0F9FD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B52BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B52BFA
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2c671dc184c7bfee78714a0190af0eb4be89771015cb65e09c2dcab698ad6cf9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: db5f59231032095898417ec2e1148feef0132913163a2ee8ce74088f204ba092
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c671dc184c7bfee78714a0190af0eb4be89771015cb65e09c2dcab698ad6cf9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5E18B312183018FC754FF64C59096AB7E1FF98394B1489ADF8969B3A2DB31ED49CB81
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1256254125-909552448
APIs
• _wcslen.LIBCMT ref: 00B8835A
• _wcslen.LIBCMT ref: 00B8836E
• _wcslen.LIBCMT ref: 00B88391
• _wcslen.LIBCMT ref: 00B883B4
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B883F2
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00B85BF2), ref: 00B8844E
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B88487
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B884CA
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B88501
• FreeLibrary.KERNEL32(?), ref: 00B8850D
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B8851D
• DestroyIcon.USER32(?,?,?,?,?,00B85BF2), ref: 00B8852C
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B88549
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B88555
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
• String ID: .dll$.exe$.icl
• API String ID: 799131459-1154884017
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
APIs
• LoadIconW.USER32(00000063), ref: 00B55A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00B55A40
• SetWindowTextW.USER32(?,?), ref: 00B55A57
• GetDlgItem.USER32(?,000003EA), ref: 00B55A6C
• SetWindowTextW.USER32(00000000,?), ref: 00B55A72
• GetDlgItem.USER32(?,000003E9), ref: 00B55A82
• SetWindowTextW.USER32(00000000,?), ref: 00B55A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00B55AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00B55AC3
• GetWindowRect.USER32(?,?), ref: 00B55ACC
• _wcslen.LIBCMT ref: 00B55B33
• SetWindowTextW.USER32(?,?), ref: 00B55B6F
• GetDesktopWindow.USER32 ref: 00B55B75
• GetWindowRect.USER32(00000000), ref: 00B55B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00B55BD3
• GetClientRect.USER32(?,?), ref: 00B55BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 00B55C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00B55C2F
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 895679908-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 29a525ee064081dfff0bb1b5263882a39bb9f9747604ce7a3fb46420c142a9a4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c3503bbd1f5a640a30472adfbfc4d8c4f6f055efbb074c210044db9b27499a32
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29a525ee064081dfff0bb1b5263882a39bb9f9747604ce7a3fb46420c142a9a4
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05716D71900B05AFDB20DFA8CE99B6EBBF5FF48706F104598E542A35A0DB74E944CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00B100C6
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00BC070C,00000FA0,C0DFC12D,?,?,?,?,00B323B3,000000FF), ref: 00B1011C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00B323B3,000000FF), ref: 00B10127
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00B323B3,000000FF), ref: 00B10138
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00B1014E
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00B1015C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00B1016A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B10195
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B101A0
                                                                                                                                                                                                                                                                                                                                                                                • ___scrt_fastfail.LIBCMT ref: 00B100E7
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100A3: __onexit.LIBCMT ref: 00B100A9
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                • WakeAllConditionVariable, xrefs: 00B10162
                                                                                                                                                                                                                                                                                                                                                                                • InitializeConditionVariable, xrefs: 00B10148
                                                                                                                                                                                                                                                                                                                                                                                • SleepConditionVariableCS, xrefs: 00B10154
                                                                                                                                                                                                                                                                                                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00B10122
                                                                                                                                                                                                                                                                                                                                                                                • kernel32.dll, xrefs: 00B10133
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                                                                                                                                                                                                                                                                                • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 66158676-1714406822
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1b4cf92482c335893ea243df72157e598defb68fa5c0acd7c050d08594c520f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 62ad51ccfa903bb9e3c630195a47f42d43f6240ef4ccd03104e9e281d5485f7b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1b4cf92482c335893ea243df72157e598defb68fa5c0acd7c050d08594c520f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7521C572664711ABD7107B64AC49BAA3BD4EF08F51F5001BAF901F36B1DEB49C80CBA0
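The function block above is the one that feeds the report's "Contains functionality to dynamically determine API calls" signature: GetModuleHandleW on the api-ms-win-core-synch-l1-2-0 API set with a kernel32.dll fallback, then GetProcAddress for the three condition-variable routines. That is the MSVC CRT's thread-safe-statics initialiser (the function is literally named __scrt_initialize_thread_safe_statics_platform_specific), not sample-specific loader code, so an analyst wants to separate such CRT-originated resolutions from ones that deserve attention. The following is an added example, not part of the Joe Sandbox report or the IDA plugin: it parses the plugin's "APIs" lines in the format shown above, lists what the function probes and resolves, and splits GetProcAddress targets into a CRT allowlist versus names left for review. The allowlist is an assumption seeded only with the three symbols visible on this page; `SYNTHETIC_LINE` is a made-up line used purely to exercise the review path and does not describe this sample.

```python
import re

# Constructed input: the "APIs" block of the function above, copied verbatim
# from the report (MSVC CRT thread-safe statics initialisation).
REPORT_LINES = """\
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00B100C6
  • Part of subcall function 00B100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00BC070C,00000FA0,C0DFC12D,?,?,?,?,00B323B3,000000FF), ref: 00B1011C
  • Part of subcall function 00B100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00B323B3,000000FF), ref: 00B10127
  • Part of subcall function 00B100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00B323B3,000000FF), ref: 00B10138
  • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00B1014E
  • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00B1015C
  • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00B1016A
  • Part of subcall function 00B100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B10195
"""

# Made-up line (NOT from the report) so the review branch below has input.
SYNTHETIC_LINE = "• GetProcAddress.KERNEL32(00000000,HypotheticalExport), ref: 00000000\n"

# One "APIs" entry: optional subcall prefix, Name.MODULE, optional (args), ref: address.
_API_RE = re.compile(
    r"(?:Part of subcall function (?P<callee>[0-9A-F]{8}): )?"
    r"(?P<name>[A-Za-z_][\w?@$]*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]{8})"
)


def parse_api_lines(text):
    """Turn the plugin's bullet lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = _API_RE.search(line)
        if not m:
            continue
        args = m.group("args")
        records.append({
            "name": m.group("name"),
            "module": m.group("module"),
            "args": [a.strip() for a in args.split(",")] if args else [],
            "ref": m.group("ref"),
            "callee": m.group("callee"),  # None when the call is made directly
        })
    return records


def modules_probed(records):
    """First argument of every GetModuleHandle/LoadLibrary call, in call order."""
    loaders = {"GetModuleHandleW", "GetModuleHandleA", "LoadLibraryW", "LoadLibraryA"}
    return [r["args"][0] for r in records if r["name"] in loaders and r["args"]]


def dynamic_imports(records):
    """Export names resolved at run time: the second argument of GetProcAddress."""
    return [r["args"][1] for r in records
            if r["name"] == "GetProcAddress" and len(r["args"]) >= 2]


# Assumed starting allowlist: symbols the MSVC CRT resolves this way during
# start-up. Seeded only with what this page shows; extend from your own corpus.
CRT_RUNTIME_RESOLVED = frozenset({
    "InitializeConditionVariable",
    "SleepConditionVariableCS",
    "WakeAllConditionVariable",
})


def triage(records):
    """Split run-time resolved names into CRT noise and names an analyst should look at."""
    names = dynamic_imports(records)
    return {
        "crt_resolved": [n for n in names if n in CRT_RUNTIME_RESOLVED],
        "review": [n for n in names if n not in CRT_RUNTIME_RESOLVED],
    }


if __name__ == "__main__":
    recs = parse_api_lines(REPORT_LINES)
    print("modules probed:", modules_probed(recs))
    print("triage:", triage(recs))
    print("synthetic:", triage(parse_api_lines(SYNTHETIC_LINE)))
```

Run on the page's own lines, `review` comes back empty and `crt_resolved` holds the three condition-variable names, which is the expected outcome for a function the plugin itself labels as CRT start-up code; the GetProcAddress calls that matter for this sample, if any, would surface in other function blocks of the report.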
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 176396367-1603158881
• Opcode ID: 83a94ba5f457e66af2663db19f7b1bd96abb659e82f85f9ccd5ba1a674e15edb
• Instruction ID: 26c215860c6de8fe1b8ff19f8e1c385518e464422e90f2990792af6f91486680
• Opcode Fuzzy Hash: 83a94ba5f457e66af2663db19f7b1bd96abb659e82f85f9ccd5ba1a674e15edb
• Instruction Fuzzy Hash: 6EE1B332A005169BCB249FB8C4917FDBBE0FF54B91F5481D9E856A7340DB70AE8D8790
APIs
• CharLowerBuffW.USER32(00000000,00000000,00B8CC08), ref: 00B64527
• _wcslen.LIBCMT ref: 00B6453B
• _wcslen.LIBCMT ref: 00B64599
• _wcslen.LIBCMT ref: 00B645F4
• _wcslen.LIBCMT ref: 00B6463F
• _wcslen.LIBCMT ref: 00B646A7
  • Part of subcall function 00B0F9F2: _wcslen.LIBCMT ref: 00B0F9FD
• GetDriveTypeW.KERNEL32(?,00BB6BF0,00000061), ref: 00B64743
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                                • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1d76d917945328b7a725729bf36f068e4a4afb139dcc8992d77d99ed6c243dae
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 552f041efd97b3800a8b1cf88efd2812fe79c714bd106d2a87ff1aefb6fb453d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1d76d917945328b7a725729bf36f068e4a4afb139dcc8992d77d99ed6c243dae
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B3B1FD716087029FC720DF28C890A7AB7E5EFA5760F50499DF596C7291EB38DC44CBA2
APIs
• GetMenuItemCount.USER32(00BC1990), ref: 00B32F8D
• GetMenuItemCount.USER32(00BC1990), ref: 00B3303D
• GetCursorPos.USER32(?), ref: 00B33081
• SetForegroundWindow.USER32(00000000), ref: 00B3308A
• TrackPopupMenuEx.USER32(00BC1990,00000000,?,00000000,00000000,00000000), ref: 00B3309D
• PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00B330A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 36266755-4108050209
• Opcode ID: e3cd0f25263c36aa17d7bfc68f42563589b66e3843e94f2ce2bbc81df718d641
• Instruction ID: 0bd6e4dbd1033c55c8564162b7cc744365394fa7d722e89b68f31933edfccf53
• Opcode Fuzzy Hash: e3cd0f25263c36aa17d7bfc68f42563589b66e3843e94f2ce2bbc81df718d641
• Instruction Fuzzy Hash: 5E711871640219BEEF259F64CC8AFEABFA4FF05764F304256F614661E1C7B1A910CB90
APIs
• DestroyWindow.USER32(00000000,?), ref: 00B86DEB
  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B86E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B86E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B86E94
• DestroyWindow.USER32(?), ref: 00B86EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00AF0000,00000000), ref: 00B86EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B86EFD
• GetDesktopWindow.USER32 ref: 00B86F16
• GetWindowRect.USER32(00000000), ref: 00B86F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B86F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B86F4D
  • Part of subcall function 00B09944: GetWindowLongW.USER32(?,000000EB), ref: 00B09952
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: ababe057976b13b63a7cf31de076c0da1612e3c5d4edea3a16516da65e436cc5
• Instruction ID: 2ba632a2f8d5b25f14c74dadb2598dbcb372bc2f2f04436a0928f4f4ebe534e7
• Opcode Fuzzy Hash: ababe057976b13b63a7cf31de076c0da1612e3c5d4edea3a16516da65e436cc5
• Instruction Fuzzy Hash: DD7148B4144244AFDB21DF18DC48FAABBE9FB89305F44085DFA9997271DB70E906CB21
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                                                                                                                                                                                                                                                                                                                                • DragQueryPoint.SHELL32(?,?), ref: 00B89147
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B87674: ClientToScreen.USER32(?,?), ref: 00B8769A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B87674: GetWindowRect.USER32(?,?), ref: 00B87710
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B87674: PtInRect.USER32(?,?,00B88B89), ref: 00B87720
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00B891B0
                                                                                                                                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B891BB
                                                                                                                                                                                                                                                                                                                                                                                • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B891DE
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B89225
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B0,?,?), ref: 00B8923E
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00B89255
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,?,?), ref: 00B89277
                                                                                                                                                                                                                                                                                                                                                                                • DragFinish.SHELL32(?), ref: 00B8927E
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B89371
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 221274066-3440237614
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f78b048008883c814f202a427d7c8edad22041749b2bd0a553f29aa0b85a5623
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 561eca2e26374a070fc0fd9f9f930c1fede7015b12eb19a8d35a8241d91bc204
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f78b048008883c814f202a427d7c8edad22041749b2bd0a553f29aa0b85a5623
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F617871108305AFC701EFA4DD85EABBBE8EF89750F00096DF695931A1DB709A49CB62
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B6C4B0
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B6C4C3
                                                                                                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B6C4D7
                                                                                                                                                                                                                                                                                                                                                                                • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00B6C4F0
                                                                                                                                                                                                                                                                                                                                                                                • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00B6C533
                                                                                                                                                                                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00B6C549
                                                                                                                                                                                                                                                                                                                                                                                • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B6C554
                                                                                                                                                                                                                                                                                                                                                                                • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B6C584
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B6C5DC
                                                                                                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B6C5F0
                                                                                                                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00B6C5FB
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dbd5a8c9fecae8df77012311be01972eae9085b41041d1a44a1526cb53157d21
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 43954f9ec8cb739494d52bd095469f9050f2873820d98c32e6f936488a242cbf
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbd5a8c9fecae8df77012311be01972eae9085b41041d1a44a1526cb53157d21
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C15138B1600208BFEB219F60CD89ABA7FFCEB18754F00445AF98697650DB38E944DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00B88592
• GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885A2
• GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885AD
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885BA
• GlobalLock.KERNEL32(00000000), ref: 00B885C8
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885D7
• GlobalUnlock.KERNEL32(00000000), ref: 00B885E0
• CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885E7
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885F8
• OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00B8FC38,?), ref: 00B88611
• GlobalFree.KERNEL32(00000000), ref: 00B88621
• GetObjectW.GDI32(?,00000018,?), ref: 00B88641
• CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00B88671
• DeleteObject.GDI32(?), ref: 00B88699
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B886AF
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 8d6979b92c768eb5e0f0de04bacd28b908a749771fdb63308b67b71ba94aa1e2
• Instruction ID: e89f551d0f68979aaf055279c71cadd51198ee908f8656803794cb977d20be42
• Opcode Fuzzy Hash: 8d6979b92c768eb5e0f0de04bacd28b908a749771fdb63308b67b71ba94aa1e2
• Instruction Fuzzy Hash: CB4109B5600208AFDB11DFA5DC88EAA7BB9FF89B11F144058F905E72B1DB309D01DB60
APIs
• VariantInit.OLEAUT32(00000000), ref: 00B61502
• VariantCopy.OLEAUT32(?,?), ref: 00B6150B
• VariantClear.OLEAUT32(?), ref: 00B61517
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00B615FB
• VarR8FromDec.OLEAUT32(?,?), ref: 00B61657
• VariantInit.OLEAUT32(?), ref: 00B61708
• SysFreeString.OLEAUT32(?), ref: 00B6178C
• VariantClear.OLEAUT32(?), ref: 00B617D8
• VariantClear.OLEAUT32(?), ref: 00B617E7
• VariantInit.OLEAUT32(00000000), ref: 00B61823
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: 1ce71a3bfdf380ad8cc0ec4a496ef863d4e1ac96731ab7f1371f3e4c0315d076
• Instruction ID: 5a075f877c8bff8bd5a7734a646335409e770d505fc51e8388a75ae467600976
• Opcode Fuzzy Hash: 1ce71a3bfdf380ad8cc0ec4a496ef863d4e1ac96731ab7f1371f3e4c0315d076
• Instruction Fuzzy Hash: 52D1CE71A00215DBDB109F69D885B79FBF5FF44700F188996F406AB690EB38EC41DB61
APIs
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
  • Part of subcall function 00B7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B7B6AE,?,?), ref: 00B7C9B5
  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7C9F1
  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA68
  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7B6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B7B772
• RegDeleteValueW.ADVAPI32(?,?), ref: 00B7B80A
• RegCloseKey.ADVAPI32(?), ref: 00B7B87E
• RegCloseKey.ADVAPI32(?), ref: 00B7B89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00B7B8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B7B904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00B7B922
• FreeLibrary.KERNEL32(00000000), ref: 00B7B983
• RegCloseKey.ADVAPI32(00000000), ref: 00B7B994
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 146587525-4033151799
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bdd96ac4cdbcc82c6eeaf018685efa486e5ded7e84b78222a22f7d8692cc96d8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1b0fc407cd9cb88e4b06b0ad4bdfd282bc016821781fee92d3147dae5ac8104b
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bdd96ac4cdbcc82c6eeaf018685efa486e5ded7e84b78222a22f7d8692cc96d8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F7C15A70208201AFD714DF54C595F2ABBE5EF84318F14859CF5AA8B2A2CB71ED45CF92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00B725D8
                                                                                                                                                                                                                                                                                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B725E8
                                                                                                                                                                                                                                                                                                                                                                                • CreateCompatibleDC.GDI32(?), ref: 00B725F4
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(00000000,?), ref: 00B72601
                                                                                                                                                                                                                                                                                                                                                                                • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00B7266D
                                                                                                                                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00B726AC
                                                                                                                                                                                                                                                                                                                                                                                • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00B726D0
                                                                                                                                                                                                                                                                                                                                                                                • SelectObject.GDI32(?,?), ref: 00B726D8
                                                                                                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 00B726E1
                                                                                                                                                                                                                                                                                                                                                                                • DeleteDC.GDI32(?), ref: 00B726E8
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 00B726F3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                                                                                                                                                                                                                                • String ID: (
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2598888154-3887548279
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f54d76a381118fe320430f1dd389717abc1ef8fef4c6d8c24671b82aa4f31793
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f1612cfe0b83f3440b8e3d682ac744c2df8c37f09c82e596d635999bccefb667
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f54d76a381118fe320430f1dd389717abc1ef8fef4c6d8c24671b82aa4f31793
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4F61C3B5D00219EFCF14CFA4D884AAEBBF5FF48310F20856AE559A7250D774A951CF60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • ___free_lconv_mon.LIBCMT ref: 00B2DAA1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D659
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D66B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D67D
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D68F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6A1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6B3
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6C5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6D7
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6E9
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6FB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D70D
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D71F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D731
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DA96
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DAB8
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DACD
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DAD8
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DAFA
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DB0D
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DB1B
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DB26
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DB5E
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DB65
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DB82
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2DB9A
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 49d576b4f5329448fcf851a2dd02a567e252f1f9695f0ac51f6e88b5ff8874e7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d5d1d404960e0aab4311ed5028884584ff88ee4ca7ec927f41bb56d31e289d85
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 49d576b4f5329448fcf851a2dd02a567e252f1f9695f0ac51f6e88b5ff8874e7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30316B32604324AFEB21AB38F849B5A77E9FF05310F5149A9E44DD7291DF30AC80C720
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00B5369C
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B536A7
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00B53797
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00B5380C
                                                                                                                                                                                                                                                                                                                                                                                • GetDlgCtrlID.USER32(?), ref: 00B5385D
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00B53882
                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00B538A0
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(00000000), ref: 00B538A7
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00B53921
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00B5395D
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %s%u
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4010501982-679674701
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e2478a3b9969f8224cb5a887c311e62fe2f60ff2a4d9334461745fede192e527
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1555bddd0e8e05f94bb3586a9bd47e776d885255d2d0ff19206305db254d52ca
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2478a3b9969f8224cb5a887c311e62fe2f60ff2a4d9334461745fede192e527
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0191B4B1204606AFD719DF24C885FAAF7E8FF44781F0045A9FD9AC2250DB30EA59CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00B54994
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00B549DA
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B549EB
                                                                                                                                                                                                                                                                                                                                                                                • CharUpperBuffW.USER32(?,00000000), ref: 00B549F7
                                                                                                                                                                                                                                                                                                                                                                                • _wcsstr.LIBVCRUNTIME ref: 00B54A2C
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00B54A64
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextW.USER32(?,?,00000400), ref: 00B54A9D
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000018,?,00000400), ref: 00B54AE6
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000400), ref: 00B54B20
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00B54B8B
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 173feb09f75759fa98638b630b5ee204682fc7ae85964b9b0e22d677fb8072d9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6c6efee3f8ac90d05b9b80d74962822ed864a9dc67b112be6cfac1b4307119a5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 173feb09f75759fa98638b630b5ee204682fc7ae85964b9b0e22d677fb8072d9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3591BF710082059FDB05DF14C985BAA7BE8FF84359F0484E9FD859B196EB30ED89CBA1
APIs
  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B88D5A
• GetFocus.USER32 ref: 00B88D6A
• GetDlgCtrlID.USER32(00000000), ref: 00B88D75
• DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00B88E1D
• GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00B88ECF
• GetMenuItemCount.USER32(?), ref: 00B88EEC
• GetMenuItemID.USER32(?,00000000), ref: 00B88EFC
• GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00B88F2E
• GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00B88F70
• CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B88FA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
• String ID: 0
• API String ID: 1026556194-4108050209
• Opcode ID: 913f9213446954cdd1773627644f56232cc4f5c11e580c41a6655e685e0d8fdb
• Instruction ID: cda0d5ee18fa65403f78de8373e43b1b2c3b212c383fce1aece6e02b994c1bda
• Opcode Fuzzy Hash: 913f9213446954cdd1773627644f56232cc4f5c11e580c41a6655e685e0d8fdb
• Instruction Fuzzy Hash: C8819E715083019FDB10EF24D884AAB7BE9FF88354F5409ADFA95972A1DF70D901CBA1
APIs
• GetFileVersionInfoSizeW.VERSION(?,?), ref: 00B5DC20
• GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00B5DC46
• _wcslen.LIBCMT ref: 00B5DC50
• _wcsstr.LIBVCRUNTIME ref: 00B5DCA0
• VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00B5DCBC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
• String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
• API String ID: 1939486746-1459072770
• Opcode ID: 1b3f6e3b8bac81a2d6da0056e034bb522d0a1d910884d4b40b8d4b667c574dd7
• Instruction ID: a76e1ebcd832d4333d743664769eebb435aea1a6cbae168b816473c1c5fcefcf
• Opcode Fuzzy Hash: 1b3f6e3b8bac81a2d6da0056e034bb522d0a1d910884d4b40b8d4b667c574dd7
• Instruction Fuzzy Hash: 2E41F072A402057AEB20A764DC47EFF7BECEF45711F5001EAF900A61E2EB749A4187B5
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B7CC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00B7CC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B7CD48
  • Part of subcall function 00B7CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00B7CCAA
  • Part of subcall function 00B7CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00B7CCBD
  • Part of subcall function 00B7CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B7CCCF
  • Part of subcall function 00B7CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B7CD05
  • Part of subcall function 00B7CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B7CD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00B7CCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: bc835a224e326773fcec8b7d7e6e228e355ed3a024b51257bece6928e65482f2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 0abed89fe3663550568bb9d3bd0cc8b1b08442c6cb910ba6e1726290f1202741
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc835a224e326773fcec8b7d7e6e228e355ed3a024b51257bece6928e65482f2
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B5317CB1901128BBDB219B61DC88EFFBFBCEF45740F0041A9A919E3250DB709A45DBB0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00B63D40
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B63D6D
                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00B63D9D
                                                                                                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00B63DBE
                                                                                                                                                                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?), ref: 00B63DCE
                                                                                                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00B63E55
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00B63E60
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 00B63E6B
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: :$\$\??\%s
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1149970189-3457252023
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 051e507bcc2bdcd8d5d98de3a1fd4d517daee7f9a5ee50c14e3c1c2b16d318fa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: afcdc643b225d9fe06277554fc7a345a78723c246c5dab63cd48cd1a931bdd8f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 051e507bcc2bdcd8d5d98de3a1fd4d517daee7f9a5ee50c14e3c1c2b16d318fa
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1B316FB1900209AADB219FA0DC49FEB77FCEF89B00F1041B5F605960A0EB749744CB64
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • timeGetTime.WINMM ref: 00B5E6B4
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B0E551: timeGetTime.WINMM(?,?,00B5E6D4), ref: 00B0E555
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(0000000A), ref: 00B5E6E1
                                                                                                                                                                                                                                                                                                                                                                                • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00B5E705
                                                                                                                                                                                                                                                                                                                                                                                • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00B5E727
                                                                                                                                                                                                                                                                                                                                                                                • SetActiveWindow.USER32 ref: 00B5E746
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00B5E754
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 00B5E773
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000FA), ref: 00B5E77E
                                                                                                                                                                                                                                                                                                                                                                                • IsWindow.USER32 ref: 00B5E78A
                                                                                                                                                                                                                                                                                                                                                                                • EndDialog.USER32(00000000), ref: 00B5E79B
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                                                                                                                                                                                                                                • String ID: BUTTON
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1194449130-3405671355
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dc1d18d9b44c43ee8cf0b5a9f3dfbde4a9d95af908e667474dec6bab555a1df3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c7c5ed72a69913aa5dde7150cc2412a42df6a66b86ddbd5ec2273064719f6364
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc1d18d9b44c43ee8cf0b5a9f3dfbde4a9d95af908e667474dec6bab555a1df3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BD2138B0200245AFEB045F20EC89F263AA9EB5978AF1014A5F965931B1DF71AD08DB34
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00B5EA5D
                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00B5EA73
                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B5EA84
                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00B5EA96
                                                                                                                                                                                                                                                                                                                                                                                • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00B5EAA7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: SendString$_wcslen
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2420728520-1007645807
• Opcode ID: c850fed3a80a719aebef0c3bf845b8a635c44c61c295af3caa41791b840f37d9
• Instruction ID: 36574971e7b3911c0fdf5bad923c8ca8334f66eda95ebca76b2e8837a7cd2979
• Opcode Fuzzy Hash: c850fed3a80a719aebef0c3bf845b8a635c44c61c295af3caa41791b840f37d9
• Instruction Fuzzy Hash: A0115431A5021D7AD724A7A1DD4AEFF6BFCEBD5B40F0004A57951A20E1EEB04E45C5B0
APIs
• GetDlgItem.USER32(?,00000001), ref: 00B55CE2
• GetWindowRect.USER32(00000000,?), ref: 00B55CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00B55D59
• GetDlgItem.USER32(?,00000002), ref: 00B55D69
• GetWindowRect.USER32(00000000,?), ref: 00B55D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00B55DCF
• GetDlgItem.USER32(?,000003E9), ref: 00B55DDD
• GetWindowRect.USER32(00000000,?), ref: 00B55DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00B55E31
• GetDlgItem.USER32(?,000003EA), ref: 00B55E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00B55E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00B55E67
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 44bac492ff840a2bdeac2d629f089f93dfa4ab99f6f210e01547e7c516c0d61c
• Instruction ID: 7fe30542865dc5b58478789afa846e9ac555a0375da1f9b94e081bad7aef6c4e
• Opcode Fuzzy Hash: 44bac492ff840a2bdeac2d629f089f93dfa4ab99f6f210e01547e7c516c0d61c
• Instruction Fuzzy Hash: 6B51FFB1A00609AFDB18CF68DD99AAE7BF5EF48301F148169F915E7290DB709E04CB60
APIs
  • Part of subcall function 00B08F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B08BE8,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B08FC5
• DestroyWindow.USER32(?), ref: 00B08C81
• KillTimer.USER32(00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B08D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 00B46973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B469A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B469B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00B08BBA,00000000), ref: 00B469D4
• DeleteObject.GDI32(00000000), ref: 00B469E6
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ad47b01d9f62b43221703fef615071c1fc4e5e5a8618eca6c9246b6e90e80551
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ef80af2e19ef8363c281c4f9b430301a484c981aabe254ca000e499ff654c5ab
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ad47b01d9f62b43221703fef615071c1fc4e5e5a8618eca6c9246b6e90e80551
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05618D30502600DFDB359F18D948B257BF1FB46312F1449ADE082AB9B1CB71AE91EFA1
APIs
  • Part of subcall function 00B09944: GetWindowLongW.USER32(?,000000EB), ref: 00B09952
• GetSysColor.USER32(0000000F), ref: 00B09862
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00B3F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00B59717
• LoadStringW.USER32(00000000,?,00B3F7F8,00000001), ref: 00B59720
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00B3F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00B59742
• LoadStringW.USER32(00000000,?,00B3F7F8,00000001), ref: 00B59745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00B59866
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
APIs
  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00B507A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00B507BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00B507DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00B50804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00B5082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B50837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B5083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
APIs
• VariantInit.OLEAUT32(?), ref: 00B73C5C
• CoInitialize.OLE32(00000000), ref: 00B73C8A
• CoUninitialize.OLE32 ref: 00B73C94
• _wcslen.LIBCMT ref: 00B73D2D
• GetRunningObjectTable.OLE32(00000000,?), ref: 00B73DB1
• SetErrorMode.KERNEL32(00000001,00000029), ref: 00B73ED5
                                                                                                                                                                                                                                                                                                                                                                                • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00B73F0E
                                                                                                                                                                                                                                                                                                                                                                                • CoGetObject.OLE32(?,00000000,00B8FB98,?), ref: 00B73F2D
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 00B73F40
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B73FC4
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00B73FD8
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d22c21ab7c9d0a411c03fa86b09817c44f997d72cdcdae84e34f98ab1f3824f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 177c389bd490a816989a4281faedd7933232a0a3272283d64fb1268a6c299401
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d22c21ab7c9d0a411c03fa86b09817c44f997d72cdcdae84e34f98ab1f3824f6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CFC16A716083059FC710DF68C88492BBBE9FF89744F14899DF99A9B220DB31ED05DB62
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32(00000000), ref: 00B67AF3
                                                                                                                                                                                                                                                                                                                                                                                • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00B67B8F
                                                                                                                                                                                                                                                                                                                                                                                • SHGetDesktopFolder.SHELL32(?), ref: 00B67BA3
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00B8FD08,00000000,00000001,00BB6E6C,?), ref: 00B67BEF
                                                                                                                                                                                                                                                                                                                                                                                • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00B67C74
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?,?), ref: 00B67CCC
                                                                                                                                                                                                                                                                                                                                                                                • SHBrowseForFolderW.SHELL32(?), ref: 00B67D57
                                                                                                                                                                                                                                                                                                                                                                                • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00B67D7A
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00B67D81
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 00B67DD6
                                                                                                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 00B67DDC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a4efc4a1ff16aaf038cede4dd1605c0eba2aa7b680155ba9d4ca60662acc4cef
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 92de7d117236ccc3849216bb70452c4d5abef9c0445066ee8f76ea3a02465b8f
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a4efc4a1ff16aaf038cede4dd1605c0eba2aa7b680155ba9d4ca60662acc4cef
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 67C10A75A04109AFCB14DFA4C894DAEBBF9FF48304B1484A9F91A9B361DB34ED45CB90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B85504
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B85515
                                                                                                                                                                                                                                                                                                                                                                                • CharNextW.USER32(00000158), ref: 00B85544
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B85585
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B8559B
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B855AC
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
• Opcode ID: 945db62095959444a03eb6f2aed2395c66e10948968bbc4aa60d2c0f9efdb931
• Instruction ID: a1d09343ed63037df5cef39d4985e5b8d28f14d52ae019f473ac66b89e2fb596
• Opcode Fuzzy Hash: 945db62095959444a03eb6f2aed2395c66e10948968bbc4aa60d2c0f9efdb931
• Instruction Fuzzy Hash: E3619C74900609ABDF20AF54CC84AFE7BF9EF09321F144195F925AB2B0DB749A80DB60
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00B4FAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 00B4FB08
• VariantInit.OLEAUT32(?), ref: 00B4FB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 00B4FB3A
• VariantCopy.OLEAUT32(?,?), ref: 00B4FB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00B4FBA1
• VariantClear.OLEAUT32(?), ref: 00B4FBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 00B4FBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B4FBCC
• VariantClear.OLEAUT32(?), ref: 00B4FBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B4FBE9
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 4597b784c1b43fae9b873b2ff59508376db17af9bc9c3b08717a52f60b325066
• Instruction ID: 0c38a143d3f1a3d2b09a72ddcdf290c9b103d5bb0d23d16ac1072db45e0ca682
• Opcode Fuzzy Hash: 4597b784c1b43fae9b873b2ff59508376db17af9bc9c3b08717a52f60b325066
• Instruction Fuzzy Hash: 7C413E75A0021AEFCF00DFA4D8549BEBBB9FF48354F048069E955A7361CB30EA45DBA0
APIs
• GetKeyboardState.USER32(?), ref: 00B59CA1
• GetAsyncKeyState.USER32(000000A0), ref: 00B59D22
• GetKeyState.USER32(000000A0), ref: 00B59D3D
• GetAsyncKeyState.USER32(000000A1), ref: 00B59D57
• GetKeyState.USER32(000000A1), ref: 00B59D6C
• GetAsyncKeyState.USER32(00000011), ref: 00B59D84
• GetKeyState.USER32(00000011), ref: 00B59D96
• GetAsyncKeyState.USER32(00000012), ref: 00B59DAE
• GetKeyState.USER32(00000012), ref: 00B59DC0
• GetAsyncKeyState.USER32(0000005B), ref: 00B59DD8
• GetKeyState.USER32(0000005B), ref: 00B59DEA
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 5e7544c36f3eb76ef27483168df618bbe2f94ec2bea2db3936c88fcb80d23475
• Instruction ID: fa5f5768d731e75af95cd82ae34466efa85a4e6fbee2edb288e39a3d02c443e5
• Opcode Fuzzy Hash: 5e7544c36f3eb76ef27483168df618bbe2f94ec2bea2db3936c88fcb80d23475
• Instruction Fuzzy Hash: 0641C5745047C9A9FF31976488053A5BEF0EB11345F0880EADEC6575C2EBA599CCC7A2
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00B705BC
• inet_addr.WSOCK32(?), ref: 00B7061C
• gethostbyname.WSOCK32(?), ref: 00B70628
• IcmpCreateFile.IPHLPAPI ref: 00B70636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B706C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B706E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 00B707B9
• WSACleanup.WSOCK32 ref: 00B707BF
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: db1fc341e4f003cd5da17c66a263c176de730b725515eafeb08c20de3c552771
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2c40c419e03d9825880a72913d05c1488d3ee131d52aee4be3f1572f024e1b40
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: db1fc341e4f003cd5da17c66a263c176de730b725515eafeb08c20de3c552771
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE916A75618201DFD324EF15C588B2ABBE0EF44318F14C5AAF56A9B6A2CB30ED45CF91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                                • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 81440a74979e2e5798492d93075991cf4cc0105749996766cf6bd1b63e35e968
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9c0ae553389ab73d66aa03ed638913ee9d64bd2052ff2e9a381a9df8e70a43b8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81440a74979e2e5798492d93075991cf4cc0105749996766cf6bd1b63e35e968
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6B519231A445169BCB24DFA8C9849BEB7E5FF64360B6082A9E53AE72C4DF30DD40C790
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CoInitialize.OLE32 ref: 00B73774
                                                                                                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32 ref: 00B7377F
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,00B8FB78,?), ref: 00B737D9
                                                                                                                                                                                                                                                                                                                                                                                • IIDFromString.OLE32(?,?), ref: 00B7384C
                                                                                                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 00B738E4
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00B73936
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b018a1c1ee9a91b1a0c5a819f157b5805f205c80117499f1481e2b631b6e87ab
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 09ece09fc7d270494026677cdb720bd17559310629edf813d3c0e26fb9c9c7a0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b018a1c1ee9a91b1a0c5a819f157b5805f205c80117499f1481e2b631b6e87ab
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E561B470608301AFD310DF54C889F6ABBE4EF49B10F108889F999972A1D770EE48DB93
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 00B68257
                                                                                                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B68267
                                                                                                                                                                                                                                                                                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00B68273
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B68310
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68324
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68356
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B6838C
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: f3342e40085b02fd02cf3aadd23d76735cdc5d041f197f5a3cc4bd1450f7a4fc
• Instruction ID: 6c543ae466528a2128eee45124f74fb664003bdcb8796f90692d78a632241551
• Opcode Fuzzy Hash: f3342e40085b02fd02cf3aadd23d76735cdc5d041f197f5a3cc4bd1450f7a4fc
• Instruction Fuzzy Hash: E9617CB25043459FCB10EF60C8409AEB3E8FF89310F04495EF999D7251DB35E945CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00B633CF
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00B633F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: 84828be41ffd79bf07184a414f0011a2febe9285cc288006fd52674cf016c216
• Instruction ID: 98edf1ef4f4baef48c573f1511a3f0bc911cd1b3c7cdb9df926d374ca772c66f
• Opcode Fuzzy Hash: 84828be41ffd79bf07184a414f0011a2febe9285cc288006fd52674cf016c216
• Instruction Fuzzy Hash: E6516872900209AADF15EBE0CE42EFEB7B8EF14740F1041A5F605731A2EB656F58DB61
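The string literals in the LoadStringW record above (`Error: `, `"%s" (%d) : ==> %s:`, `Line %d (File "%s"):`, `Incorrect parameters to object property !`) and the READY/NOTREADY/INVALID/UNKNOWN values returned by the GetDiskFreeSpaceW routine are error-message and DriveStatus() literals of the AutoIt3 interpreter, which a compiled AutoIt script carries unchanged. Seeing them in a dump is a cheap way to confirm the AutoIt wrapper before spending time on the interpreter's own code. The script below is an added example, not part of the Joe Sandbox report or the AutoIt project: it scans a byte buffer for those markers in the UTF-16LE form the LoadStringW/wide-string APIs use (and in ASCII as a fallback) and reports their offsets. The `SAMPLE` buffer is constructed for the demonstration; the marker names and the `min_distinct` threshold are choices of this example, not values from the report.

```python
# Added example: locate AutoIt3 runtime marker strings in a memory dump or PE
# image. Marker text is taken from the report's "String ID" fields ("$" is the
# report's separator between individual strings); everything else here is
# assumption for the sake of illustration.

# Marker groups: a group counts as one hit however many of its members match.
AUTOIT_MARKERS = {
    "error_prefix": ("Error: ",),
    "script_error_fmt": ('"%s" (%d) : ==> %s:',),
    "line_file_fmt": ('Line %d (File "%s"):',),
    "com_property_error": ("Incorrect parameters to object property !",),
    # DriveStatus() return values (built around GetDiskFreeSpaceW in the listing)
    "drive_status": ("READY", "NOTREADY", "INVALID", "UNKNOWN"),
}


def _find_all(blob: bytes, needle: bytes) -> list[int]:
    """Return every offset at which needle occurs in blob (overlaps allowed)."""
    offsets, start = [], 0
    while (i := blob.find(needle, start)) != -1:
        offsets.append(i)
        start = i + 1
    return offsets


def find_autoit_markers(blob: bytes) -> dict[str, list[int]]:
    """Map each marker group that occurs in blob to the sorted offsets found.

    Both UTF-16LE (how AutoIt stores these wide strings) and ASCII are tried,
    so the function works on raw dumps as well as on tooling output that has
    already narrowed the strings. Short members such as "READY" also match
    inside "NOTREADY"; the group is what matters, not the exact count.
    """
    hits: dict[str, list[int]] = {}
    for name, members in AUTOIT_MARKERS.items():
        for text in members:
            for enc in ("utf-16-le", "ascii"):
                for off in _find_all(blob, text.encode(enc)):
                    hits.setdefault(name, []).append(off)
    return {name: sorted(set(offs)) for name, offs in hits.items()}


def looks_like_autoit(blob: bytes, min_distinct: int = 3) -> bool:
    """Heuristic verdict: enough distinct marker groups present to claim AutoIt.

    min_distinct is an assumed threshold; a single group (e.g. "Error: ") is
    far too generic on its own, so require several to limit false positives.
    """
    return len(find_autoit_markers(blob)) >= min_distinct


# Constructed sample: a fake header followed by a few null-terminated UTF-16LE
# literals, as they would sit in the .rdata/.rsrc of a compiled AutoIt script.
SAMPLE = (
    b"MZ" + b"\x00" * 64
    + 'Line %d (File "%s"):'.encode("utf-16-le") + b"\x00\x00"
    + "Error: ".encode("utf-16-le") + b"\x00\x00"
    + "NOTREADY".encode("utf-16-le") + b"\x00\x00"
    + "READY".encode("utf-16-le") + b"\x00\x00"
    + b"\xcc" * 32
)

if __name__ == "__main__":
    # Usage on a real artifact: find_autoit_markers(open(path, "rb").read())
    for group, offsets in find_autoit_markers(SAMPLE).items():
        print(f"{group:20s} at {[hex(o) for o in offsets]}")
    print("AutoIt runtime markers present:", looks_like_autoit(SAMPLE))
```

Run it against the downloaded `.sdmp` files from this report rather than the packed sample on disk if the on-disk copy is compressed or encrypted; the interpreter's literals are only reliably visible once the image is mapped in memory.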
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                                • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1256254125-769500911
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 00b45f21a1560477f8cbf3126c957e9423075d2f16b9af629c980dba4e4317ef
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2c8f7748cddd80a1d4dc0094e4c94ae475e52350a1860a501661ddfc9d081a1d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00b45f21a1560477f8cbf3126c957e9423075d2f16b9af629c980dba4e4317ef
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9841C532A000269BCB105F7DC990ABEF7E5EF60795B2441E9EC21D7284E735CD85C790
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001), ref: 00B653A0
                                                                                                                                                                                                                                                                                                                                                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00B65416
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00B65420
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,READY), ref: 00B654A7
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                                                                                                                                                                                                                                • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4194297153-14809454
APIs
• CreateMenu.USER32 ref: 00B83C79
• SetMenu.USER32(?,00000000), ref: 00B83C88
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B83D10
• IsMenu.USER32(?), ref: 00B83D24
• CreatePopupMenu.USER32 ref: 00B83D2E
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B83D5B
• DrawMenuBar.USER32 ref: 00B83D63
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup
• String ID: 0$F
• API String ID: 161812096-3044882817
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B83A9D
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B83AA0
• GetWindowLongW.USER32(?,000000F0), ref: 00B83AC7
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B83AEA
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B83B62
• SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00B83BAC
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00B83BC7
• SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00B83BE2
• SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00B83BF6
• SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00B83C13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 00B5B151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B165
• GetWindowThreadProcessId.USER32(00000000), ref: 00B5B16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00B5B18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B21D
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 165f5cbbad5a056a3dc4b45bb53ecc9521245be67824a268d50e35f326c8139c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 26a110f0b87c6c7147c8fe4e523b729a6b75974253e7a1ccb61cd987e7c728b5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 165f5cbbad5a056a3dc4b45bb53ecc9521245be67824a268d50e35f326c8139c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB3178B6510604AFDB109F24EC98FA97FE9EB59712F208095FA01D71A0DBB49A44CF70
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22C94
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CA0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CAB
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CB6
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CC1
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CCC
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CD7
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CE2
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CED
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B22CFB
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d18a30af838a05873e7ff2373f96bc444f7fda70c664fa423f823d32400f1d8f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a37d93b0c24e98904a1a96ed83e2dba4ae8c2ab6e0e7c59e0723919f15383e0d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d18a30af838a05873e7ff2373f96bc444f7fda70c664fa423f823d32400f1d8f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 00114676510118BFCB02EF54E942CDD3BA5FF09350F9145A5F94C9B322D631EE909B90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B67FAD
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B67FC1
                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 00B67FEB
                                                                                                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00B68005
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68017
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68060
                                                                                                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B680B0
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                                                                                                                                                                                                                                • String ID: *.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 769691225-438819550
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 827dfff0505c498e33dffecc83edf0def613f750afb53faaa410d84bd07702b6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c47d9518c0d9eb1f55f659a8a564451b016d6c7102c7bb5a759284e1ac1bb981
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 827dfff0505c498e33dffecc83edf0def613f750afb53faaa410d84bd07702b6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A981A0725483459BCB20EF54C4849AAB3E8FF88314F144D9AF989D7250EB3ADD49CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EB), ref: 00AF5C7A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF5D0A: GetClientRect.USER32(?,?), ref: 00AF5D30
  • Part of subcall function 00AF5D0A: GetWindowRect.USER32(?,?), ref: 00AF5D71
  • Part of subcall function 00AF5D0A: ScreenToClient.USER32(?,?), ref: 00AF5D99
• GetDC.USER32 ref: 00B346F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00B34708
• SelectObject.GDI32(00000000,00000000), ref: 00B34716
• SelectObject.GDI32(00000000,00000000), ref: 00B3472B
• ReleaseDC.USER32(?,00000000), ref: 00B34733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00B347C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: c9061ec5d8b3501e287b7f4a3369710dbef29b552ea5bf841a11065f4b07c2d0
• Instruction ID: f9dd83aead0ea44439f8ee51d4df748d603007b34af66fda7c95041e2c1e0eac
• Opcode Fuzzy Hash: c9061ec5d8b3501e287b7f4a3369710dbef29b552ea5bf841a11065f4b07c2d0
• Instruction Fuzzy Hash: 2771B235500209DFCF218FA4C985ABA7FF5FF4A350F2442A9FA565A166CB31AC41DF60
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00B635E4
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• LoadStringW.USER32(00BC2390,?,00000FFF,?), ref: 00B6360A
Strings
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
• Opcode ID: 893cdb41c554a9f65059c641c8bc0f307f4e6e9b6f3b796d5862f33cb7bea32a
• Instruction ID: 2e8e68884d18d7f19737ef243852249b8c799e3072ec464989ed00c621c68312
• Opcode Fuzzy Hash: 893cdb41c554a9f65059c641c8bc0f307f4e6e9b6f3b796d5862f33cb7bea32a
• Instruction Fuzzy Hash: 52515E72800209BADF15EBE0DD42EFEBBB8EF05740F1441A5F605721A1DB341A99DBA1
APIs
  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
  • Part of subcall function 00B0912D: GetCursorPos.USER32(?), ref: 00B09141
  • Part of subcall function 00B0912D: ScreenToClient.USER32(00000000,?), ref: 00B0915E
  • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000001), ref: 00B09183
  • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000002), ref: 00B0919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00B88B6B
• ImageList_EndDrag.COMCTL32 ref: 00B88B71
• ReleaseCapture.USER32 ref: 00B88B77
• SetWindowTextW.USER32(?,00000000), ref: 00B88C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00B88C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00B88CFF
Strings
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
• Opcode ID: 171bc2eb7a8e5c6ce5823e66e0b235f5222b7722857f601020b320e9654ad3ed
• Instruction ID: 6dbc5f4dbe53ce3d2d02d26f34fe1dc7e7f8758cb5b70eef9aa336264738816e
• Opcode Fuzzy Hash: 171bc2eb7a8e5c6ce5823e66e0b235f5222b7722857f601020b320e9654ad3ed
• Instruction Fuzzy Hash: 03518BB1104304AFD700EF64DD96FAA7BE4FB88750F400A6DF956A72E2DB709904CB62
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B6C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B6C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B6C2CA
• GetLastError.KERNEL32 ref: 00B6C322
                                                                                                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 00B6C336
                                                                                                                                                                                                                                                                                                                                                                                • InternetCloseHandle.WININET(00000000), ref: 00B6C341
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ce2214ee56466f322e9450c963e01f378b419cb63e1e74852571a192a0ed0d55
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 170985d8ea3bc29deeff8a8223189a96d2376547ae88f7b25bd5b4dd3b3dca06
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ce2214ee56466f322e9450c963e01f378b419cb63e1e74852571a192a0ed0d55
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22317AB1600208AFD7219FA49C88ABB7FFCEB49744B10855EF48A93210DB38DD08DB74
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00B33AAF,?,?,Bad directive syntax error,00B8CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00B598BC
                                                                                                                                                                                                                                                                                                                                                                                • LoadStringW.USER32(00000000,?,00B33AAF,?), ref: 00B598C3
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00B59987
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: d4a614c07c6a974e7d7ba1ed7e4e0dc56bc5e52c777285bdcd61211bb0390a76
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f24f5e542c1d342bca007ed70f2a42f1f6bebffb82a9b26e2c15f528bdd63c00
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d4a614c07c6a974e7d7ba1ed7e4e0dc56bc5e52c777285bdcd61211bb0390a76
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B4216F3290021EEBCF11EF90CC06EFE77B5FF14741F0444A5F615660A1EA759A18DB51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32 ref: 00B520AB
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(00000000,?,00000100), ref: 00B520C0
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00B5214D
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: adeb0bca93ca0366a8c589380b2372d5bc5fc6ce57b16e2c647541cb67c63539
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: ff16a3ee0d4654c5acc0a61c01e352515ac7e1aa0f4e5ddacbe4746b52fcb3e4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adeb0bca93ca0366a8c589380b2372d5bc5fc6ce57b16e2c647541cb67c63539
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6311E776685B06BAFA253720DC06EF777DCCF06325B2000E6FF04B50E1FEA158455654
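Added example, not part of the Joe Sandbox report or of its IDA plugin output: a small Python parser for the "APIs" / "Similarity" annotation blocks shown above, run over the three blocks from this section (copied into a constructed sample string). It extracts each call's API name, module, argument list, reference address and subcall marker, splits the "$"-separated String ID list, decodes a few argument constants whose values are fixed by the Windows headers (HttpQueryInfoW level 5 is HTTP_QUERY_CONTENT_LENGTH, SendMessageW message 0x0111 is WM_COMMAND, and the MessageBoxW type 0x11010 is MB_ICONHAND | MB_SYSTEMMODAL | MB_SETFOREGROUND), and flags a function whose WinINet calls occur in open / send / query / close order by reference address. The line regex is inferred from these three blocks only, and the "download chain" test is a triage heuristic of this example, not a Joe Sandbox signature.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: the "APIs" and "Similarity" lines of the three function blocks above.
SAMPLE = """\
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B6C272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B6C29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B6C2CA
• GetLastError.KERNEL32 ref: 00B6C322
• SetEvent.KERNEL32(?), ref: 00B6C336
• InternetCloseHandle.WININET(00000000), ref: 00B6C341
Similarity
• API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
• String ID:
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00B33AAF,?,?,Bad directive syntax error,00B8CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00B598BC
• LoadStringW.USER32(00000000,?,00B33AAF,?), ref: 00B598C3
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00B59987
Similarity
• API ID: HandleLoadMessageModuleString_wcslen
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
APIs
• GetParent.USER32 ref: 00B520AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 00B520C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00B5214D
Similarity
• API ID: ClassMessageNameParentSend
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
"""

@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]          # raw argument tokens; "?" means unknown, 8 hex digits a constant/pointer
    ref: int                 # address of the call site
    subcall_of: int | None = None   # set when the report marks "Part of subcall function"

@dataclass
class FuncBlock:
    calls: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)

# Line shape inferred from the report: "• [Part of subcall function X: ]Name.MODULE[(args)], ref: ADDR"
API_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

def is_hex(tok: str) -> bool:
    return re.fullmatch(r"[0-9A-Fa-f]{8}", tok) is not None

def parse_blocks(text: str) -> list[FuncBlock]:
    """Split the report text into per-function blocks, one per 'APIs' header."""
    blocks: list[FuncBlock] = []
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            blocks.append(FuncBlock())
            continue
        if not blocks:
            continue
        m = API_RE.search(s)
        if m:
            raw = m.group("args")
            blocks[-1].calls.append(ApiCall(
                name=m.group("name"), module=m.group("mod"),
                args=raw.split(",") if raw is not None else [],
                ref=int(m.group("ref"), 16),
                subcall_of=int(m.group("sub"), 16) if m.group("sub") else None))
        elif s.startswith("• String ID:"):
            payload = s[len("• String ID:"):].strip()
            blocks[-1].strings = payload.split("$") if payload else []
    return blocks

# Constant names from wininet.h / winuser.h (only the values that appear in these blocks).
HTTP_QUERY = {0x5: "HTTP_QUERY_CONTENT_LENGTH"}
WM_COMMAND = 0x0111
MB_FLAGS = {0x10: "MB_ICONHAND", 0x1000: "MB_SYSTEMMODAL", 0x10000: "MB_SETFOREGROUND"}

def decode_constants(call: ApiCall) -> list[str]:
    """Name the argument constants for the few APIs whose parameter meaning is fixed."""
    a = call.args
    if call.name == "HttpQueryInfoW" and len(a) > 1 and is_hex(a[1]):
        return [HTTP_QUERY.get(int(a[1], 16), "HTTP_QUERY_<unknown>")]
    if call.name == "SendMessageW" and len(a) > 2 and is_hex(a[1]) and is_hex(a[2]):
        if int(a[1], 16) == WM_COMMAND:
            return ["WM_COMMAND wParam=0x%X" % int(a[2], 16)]
    if call.name == "MessageBoxW" and len(a) == 4 and is_hex(a[3]):
        utype = int(a[3], 16)
        return [n for bit, n in MB_FLAGS.items() if utype & bit]
    return []

# Heuristic of this example: a WinINet fetch routine calls these in this order by address.
DOWNLOAD_CHAIN = ("InternetOpenUrlW", "HttpSendRequestW", "HttpQueryInfoW", "InternetCloseHandle")

def has_ordered_chain(block: FuncBlock, chain: tuple[str, ...]) -> bool:
    by_name = {c.name: c.ref for c in block.calls}
    refs = [by_name.get(n) for n in chain]
    return None not in refs and refs == sorted(refs)

def summarize(text: str) -> list[dict]:
    out = []
    for b in parse_blocks(text):
        out.append({
            "apis": [c.name for c in b.calls],
            # string literals the report shows inline as call arguments
            "inline_strings": [t for c in b.calls for t in c.args if t != "?" and not is_hex(t)],
            "strings": b.strings,
            "constants": {c.name: decode_constants(c) for c in b.calls if decode_constants(c)},
            "wininet_download_chain": has_ordered_chain(b, DOWNLOAD_CHAIN),
        })
    return out

if __name__ == "__main__":
    for i, s in enumerate(summarize(SAMPLE)):
        print(i, s)
```

The chain flag is a triage aid, not an indicator on its own: this sample is reported as a compiled AutoIt script, and the WinINet routine, the "Line %d (File "%s"):" error box and the SHELLDLL_DefView view-mode code are all part of the AutoIt interpreter embedded in every compiled AutoIt executable, so their presence says what the runtime can do, not what this particular script does. The script's own behaviour has to come from the extracted AutoIt source or the dynamic-analysis sections of the report.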
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b79461f91f05b1962a9e1c978ce0cdd79731908f8afaa68fdef354afe12ffddd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: dc71daf29d1fee45ff220d3f2fc25eec42bc0ab5c5534fc595ad90d9e800f424
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b79461f91f05b1962a9e1c978ce0cdd79731908f8afaa68fdef354afe12ffddd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5C1B175E04269AFDB11AFA8E841BEEBBF0EF09310F0441D9F51DA7292CB309941CB61
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1282221369-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ec022fe8d866eb32c7bc1be41806bd84117169681b9e6c6c6f6bcbc1d2bd3c81
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 40765487811f527f46f5c918bf79e920e1879ada96a4906083c95d05eea65b18
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec022fe8d866eb32c7bc1be41806bd84117169681b9e6c6c6f6bcbc1d2bd3c81
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EC612571904220ABDB21AFB8BD81A6E7FE5EF09310F1442FDF94DD7281EB31994587A1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00B46890
                                                                                                                                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00B468A9
                                                                                                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00B468B9
                                                                                                                                                                                                                                                                                                                                                                                • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00B468D1
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00B468F2
                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B08874,00000000,00000000,00000000,000000FF,00000000), ref: 00B46901
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00B4691E
                                                                                                                                                                                                                                                                                                                                                                                • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B08874,00000000,00000000,00000000,000000FF,00000000), ref: 00B4692D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cd68fc4bd0ffa70c9615df1b9f5c3d8b87832df603570f7339f9f35fd673562f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6d70ef98979ce8d6ff23cead5e3d598fd24066fcd8fd633890bc24980d54d811
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd68fc4bd0ffa70c9615df1b9f5c3d8b87832df603570f7339f9f35fd673562f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AC5168B0600209EFDB208F24CC95FAA7BF5EB59750F104558F996A72E0DBB1EA90DB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B6C182
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00B6C195
                                                                                                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?), ref: 00B6C1A9
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B6C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B6C272
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B6C253: GetLastError.KERNEL32 ref: 00B6C322
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B6C253: SetEvent.KERNEL32(?), ref: 00B6C336
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B6C253: InternetCloseHandle.WININET(00000000), ref: 00B6C341
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 8b7017fe161a18365778b6151e88676d8928bd6018e434de8c8c35ac7693f0c9
• Instruction ID: 55ee6b7d335b6b56ba43d446e79c382340e342632e3879de064040934953dbab
• Opcode Fuzzy Hash: 8b7017fe161a18365778b6151e88676d8928bd6018e434de8c8c35ac7693f0c9
• Instruction Fuzzy Hash: A9318DB1200605AFDB219FA5DC54A77BFF8FF18300B00846DF99A93620DB39E814DBA0
APIs
  • Part of subcall function 00B53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B53A57
  • Part of subcall function 00B53A3D: GetCurrentThreadId.KERNEL32 ref: 00B53A5E
  • Part of subcall function 00B53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B525B3), ref: 00B53A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B525BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00B525DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00B525DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B525E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00B52601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00B52605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 00B5260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00B52623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00B52627
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: f6ea95b9e78911478295e22a5c57f3c10701a15469a47be5538593d72b7cf17a
• Instruction ID: 06d372fbdc113aba08ac71be39fec7bc7652cf08d98ddb8d8442a114ece46c92
• Opcode Fuzzy Hash: f6ea95b9e78911478295e22a5c57f3c10701a15469a47be5538593d72b7cf17a
• Instruction Fuzzy Hash: 6D01B171290210BBFB1067689CCEF593F99DB4AB52F200051F718AF1E5CDF22448CA79
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00B51449,?,?,00000000), ref: 00B5180C
• HeapAlloc.KERNEL32(00000000,?,00B51449,?,?,00000000), ref: 00B51813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B51449,?,?,00000000), ref: 00B51828
• GetCurrentProcess.KERNEL32(?,00000000,?,00B51449,?,?,00000000), ref: 00B51830
• DuplicateHandle.KERNEL32(00000000,?,00B51449,?,?,00000000), ref: 00B51833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B51449,?,?,00000000), ref: 00B51843
• GetCurrentProcess.KERNEL32(00B51449,00000000,?,00B51449,?,?,00000000), ref: 00B5184B
• DuplicateHandle.KERNEL32(00000000,?,00B51449,?,?,00000000), ref: 00B5184E
• CreateThread.KERNEL32(00000000,00000000,00B51874,00000000,00000000,00000000), ref: 00B51868
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: eb502969696b88accfccc315a6a00ead9f09e44c1b1bc81c75609c1a6598ff2f
• Instruction ID: 7dfe286bd45031e4e86a13879ad128314be317650cd51e0e2b1d1ba4b633c102
• Opcode Fuzzy Hash: eb502969696b88accfccc315a6a00ead9f09e44c1b1bc81c75609c1a6598ff2f
• Instruction Fuzzy Hash: 8701BBB5240308BFE710ABA5DC8DF6B3FACEB89B11F104451FA05DB2A1DA719800CB30
APIs
  • Part of subcall function 00B5D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00B5D501
  • Part of subcall function 00B5D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00B5D50F
  • Part of subcall function 00B5D4DC: CloseHandle.KERNEL32(00000000), ref: 00B5D5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B7A16D
• GetLastError.KERNEL32 ref: 00B7A180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B7A1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00B7A268
• GetLastError.KERNEL32(00000000), ref: 00B7A273
• CloseHandle.KERNEL32(00000000), ref: 00B7A2C4
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SeDebugPrivilege
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2533919879-2896544425
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a33a01e77fa1da5e5357d9724e92cef37ebbbd884e15cbd5b299a7362db70752
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9d215130cd43f745fb05d695b5e9532c35c8b362e770bdbb1daa66e85b33a846
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a33a01e77fa1da5e5357d9724e92cef37ebbbd884e15cbd5b299a7362db70752
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9618E71204242AFD710DF19C494F29BBE1AF84318F54C49CE46A4BBA3C772EC49CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B83925
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00B8393A
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B83954
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B83999
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001057,00000000,?), ref: 00B839C6
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B839F4
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Window_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysListView32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2147712094-78025650
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1c31b5d39ed75d6e7ca4558ab8f508adc2db913d45c6adbf064582cde1e3688d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4a9fc5636dafa2ba37aba50ab204e80e670fb7f7b2ba6c8ed72c60c1e9409c9e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c31b5d39ed75d6e7ca4558ab8f508adc2db913d45c6adbf064582cde1e3688d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2941B471A00218ABDB21AF64CC49FEA7BE9EF08B50F1005A6F545E72A1D771DA80CB90
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B5BCFD
                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(00000000), ref: 00B5BD1D
                                                                                                                                                                                                                                                                                                                                                                                • CreatePopupMenu.USER32 ref: 00B5BD53
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemCount.USER32(00FA5710), ref: 00B5BDA4
                                                                                                                                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(00FA5710,?,00000001,00000030), ref: 00B5BDCC
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0$2
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 93392585-3793063076
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2aecd7e1e455e4e3c38121cb6b81359cdb96995dbffeeca7fcc7a9ed42213b53
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: f4fa002771a827533b1398480045d9fe25195dcbdd4610dfd1d4277c3bdccaad
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2aecd7e1e455e4e3c38121cb6b81359cdb96995dbffeeca7fcc7a9ed42213b53
• Instruction Fuzzy Hash: E9518D70A002099BDF10CFA8D885FAEBBF4EF59316F1441E9EC11972D1D7709949CB61
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00B5C913
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: db0e279f1d71a1e560868f68799bc7bcb2d5de077db4e2e970e5e674fc9a6e3b
• Instruction ID: 94c694f2146885f0d2135a713420b1451e341fb02b5c657dd6b65017df36028e
• Opcode Fuzzy Hash: db0e279f1d71a1e560868f68799bc7bcb2d5de077db4e2e970e5e674fc9a6e3b
• Instruction Fuzzy Hash: 8E113A32689306BFE7029B159C83EFE6BDCDF15716B6000FAFD00A62D2EBB45E445264
APIs
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 7b236c234acc88c75e4b5810f09a9a7db5fd0104cad528f47f0829454687d2be
• Instruction ID: 01db02a131e5d56f2f80aa6d9d4a273d951b51b1dbf0ec3c5ce9d050267edc2f
• Opcode Fuzzy Hash: 7b236c234acc88c75e4b5810f09a9a7db5fd0104cad528f47f0829454687d2be
• Instruction Fuzzy Hash: 3F418365C1011875CB51EBB4C88AACFB7E8AF45710F9084E6E924E3162FB34D799C3E5
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B0F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B4F3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B4F454
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 1da9d23b12cc8f1bb28de45aa5fc30f3d206ce4658b85dd0151dd8e49d9a9e5e
• Instruction ID: b5c22d8d892a84249a6bb3181c2a7cbdff5f59756cda2384c17a7c280a968074
• Opcode Fuzzy Hash: 1da9d23b12cc8f1bb28de45aa5fc30f3d206ce4658b85dd0151dd8e49d9a9e5e
• Instruction Fuzzy Hash: 0041F531708682BEC7388B289888B7A7FD2EB96310F1444BDE08753EB1CA31E981D711
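These function records are easier to triage once the numeric arguments in the API lines are mapped back to SDK constants. The following Python is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses API lines in this report's format (the sample input is copied from the LoadIconW, ShowWindow and font-creation records in this section) and decodes the argument positions whose values are fixed in the static listing. The constant tables come from the Windows SDK headers; `ApiCall`, `parse_api_line`, `decode_arg` and `summarize` are names chosen for this example, and reading message 0x142 as CB_SETEDITSEL is only valid if the target window is a combo box, which the listing does not tell us.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input, constructed for this example by copying API lines from the
# LoadIconW, ShowWindow and font-creation function records in this report.
SAMPLE = """\
• LoadIconW.USER32(00000000,00007F03), ref: 00B5C913
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B0F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B4F3D1
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B82D2E
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B82D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B82D87
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B82DE1
"""

@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]  # hex literal -> int; '?' (not resolvable statically) -> None
    ref: int                   # call-site address inside the dumped image

# "<bullet> Api.MODULE(arg,arg,...), ref: ADDRESS"; the bullet is optional so the
# parser also accepts lines whose marker was stripped.
LINE_RE = re.compile(r"^(?:•\s*)?(\w+)\.(\w+)\((.*)\),\s*ref:\s*([0-9A-Fa-f]+)\s*$")

def parse_api_line(line: str) -> Optional[ApiCall]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    api, module, raw_args, ref = m.groups()
    args: List[Optional[int]] = []
    for a in (raw_args.split(",") if raw_args else []):
        a = a.strip()
        args.append(None if a == "?" else int(a, 16))
    return ApiCall(api, module, args, int(ref, 16))

def parse_report(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        call = parse_api_line(line)
        if call is not None:
            calls.append(call)
    return calls

# Constant tables from the Windows SDK headers. Only values known for certain are
# listed; anything else is reported as raw hex rather than guessed.
SW_CMDS = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED",
           4: "SW_SHOWNOACTIVATE", 5: "SW_SHOW", 6: "SW_MINIMIZE", 7: "SW_SHOWMINNOACTIVE",
           8: "SW_SHOWNA", 9: "SW_RESTORE", 10: "SW_SHOWDEFAULT"}
STOCK_ICONS = {0x7F00: "IDI_APPLICATION", 0x7F01: "IDI_HAND", 0x7F02: "IDI_QUESTION",
               0x7F03: "IDI_EXCLAMATION", 0x7F04: "IDI_ASTERISK", 0x7F05: "IDI_WINLOGO",
               0x7F06: "IDI_SHIELD"}
DEVCAPS = {88: "LOGPIXELSX", 90: "LOGPIXELSY"}
# 0x142 is CB_SETEDITSEL only if the target window is a combo box; control-specific
# messages reuse numeric ranges and the static listing does not name the class.
MESSAGES = {0x0030: "WM_SETFONT", 0x0142: "CB_SETEDITSEL"}

# (api, zero-based argument index) -> symbolic table for that argument
DECODERS: Dict[tuple, Dict[int, str]] = {
    ("LoadIconW", 1): STOCK_ICONS,
    ("ShowWindow", 1): SW_CMDS,
    ("GetDeviceCaps", 1): DEVCAPS,
    ("SendMessageW", 1): MESSAGES,
}

def decode_arg(call: ApiCall, index: int) -> str:
    """Symbolic name for one argument, raw hex if unknown, '?' if unresolved."""
    if index >= len(call.args) or call.args[index] is None:
        return "?"
    value = call.args[index]
    return DECODERS.get((call.api, index), {}).get(value, f"0x{value:X}")

def summarize(call: ApiCall) -> str:
    """One line per call: call site, module!API and the decoded argument(s)."""
    indexes = [i for (api, i) in DECODERS if api == call.api]
    decoded = ", ".join(f"arg{i}={decode_arg(call, i)}" for i in indexes) or "(no decoder)"
    return f"{call.ref:08X} {call.module}!{call.api} {decoded}"

if __name__ == "__main__":
    for call in parse_report(SAMPLE):
        print(summarize(call))
```

Run over these lines, the output shows LoadIconW requesting IDI_EXCLAMATION (consistent with the "warning" entry in that function's String ID), one ShowWindow call with SW_MINIMIZE while the 0xFF argument of the other two is not a fixed SW_* value and stays raw, GetDeviceCaps reading LOGPIXELSY just before CreateFontW (the usual input for converting a point size into a pixel height), and WM_SETFONT applied to the control afterwards. Arguments shown as "?" in the report are carried through as unresolved rather than invented.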
APIs
• DeleteObject.GDI32(00000000), ref: 00B82D1B
• GetDC.USER32(00000000), ref: 00B82D23
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B82D2E
• ReleaseDC.USER32(00000000,00000000), ref: 00B82D3A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B82D76
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B82D87
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B85A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00B82DC2
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B82DE1
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: f262ec9639f4d5a5a3dee2ac0508efe29cf1cd6ff5b58ed3c7740c19053ff609
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6c08cc8abf388f62865216b3c166713576dbf1dd15b2a37c00702ffa19091d53
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f262ec9639f4d5a5a3dee2ac0508efe29cf1cd6ff5b58ed3c7740c19053ff609
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B8318BB6201214BBEB119F508C8AFEB3FA9EF09755F044065FE089B2A1DA759C40CBB0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e53456406919e0ce9039ed4e48db7abb0290c4b4f4bfa5e16c4488e37e64c68a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 272f65c5c7edfe7d34751067f9a718696ea3d8f0b89c5b5940e51c62b2291375
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e53456406919e0ce9039ed4e48db7abb0290c4b4f4bfa5e16c4488e37e64c68a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA21DA61641909B7D6246D159DE2FFA33DCEF14387F9400E0FE045A555F720EE18C6A9
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 929fab8b9e75010ef6e477abe13c5efad2416974a4d8d66e52642d99b43d2e69
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4bd7c27414ee8e171d4053fd26dbc34d62963974c99f7b3bf163c6124eee4dd7
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 929fab8b9e75010ef6e477abe13c5efad2416974a4d8d66e52642d99b43d2e69
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A8D18071A0060A9FDB20CF58C881BAEB7F5FF48344F15C4A9E929AB291D7B0DD45CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00B315CE
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B31651
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00B317FB,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B316E4
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B316FB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B31777
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00B317A2
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00B317AE
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2829977744-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2f0cdd8105bb95d9fea6af5eccd456f15248eef70f5f93c92582623b09c79d3b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 990382ee46cecf8badf2b3b9d3500beae4551cd97024a50ba9f826eee9abe997
• Opcode Fuzzy Hash: 2f0cdd8105bb95d9fea6af5eccd456f15248eef70f5f93c92582623b09c79d3b
• Instruction Fuzzy Hash: 3991A3B1E102169ADF209FA8CC81AEE7BF9DF59710F294A99E805E7251DB35DC40CB60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: ffb13fabef36100b692436e2a1c80a3f6aeb71f7e8d96bbe9214789b6b76065e
• Instruction ID: bd0b375f418da32b95b7e12d4b5622faf46de03f98b78c0201e23c88f68c45c1
• Opcode Fuzzy Hash: ffb13fabef36100b692436e2a1c80a3f6aeb71f7e8d96bbe9214789b6b76065e
• Instruction Fuzzy Hash: E4918171A00219ABDF24CFA5D884FAEBBF8EF45711F10C599F529AB290D7709941CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00B6125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B61284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00B612A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B612D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B6135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B613C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B61430
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: 0aee3bf895ae022f2428fdd3342ba3281fc48645e2ecdbff344d23f3da6ee301
• Instruction ID: a69215802516a55eb9ba7ea0069481d1b3a22e27e2a754eae23881bddcac4e95
• Opcode Fuzzy Hash: 0aee3bf895ae022f2428fdd3342ba3281fc48645e2ecdbff344d23f3da6ee301
• Instruction Fuzzy Hash: 8B91C171A00209AFDB00DFA8D895BBEB7F5FF45314F1888A9E501E7391DB78A941CB90
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: 836fb6feb32647cb0a2ec0e8502bd3a8242358ff1d3a976d75e945119f0fd454
• Instruction ID: ce8ddb155f3fa05dd57552025dec453a83309db43dbf499812ce2f2d672a0eca
• Opcode Fuzzy Hash: 836fb6feb32647cb0a2ec0e8502bd3a8242358ff1d3a976d75e945119f0fd454
• Instruction Fuzzy Hash: 70911571940219EFCB10CFA9CC84AEEBFB8FF49320F148595E515B7292D774AA42DB60
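The function records above follow one fixed layout (an APIs list with `Name.MODULE(args), ref: address` entries, a Memory Dump Source block naming the .sdmp region and the module base, and a Similarity block of IDs and fuzzy hashes). When pivoting across many reports it is useful to parse those records into structured data and to rebase the `ref:` addresses to RVAs against the `Offset:` value, so that the call sites can be located in the on-disk PE rather than only in the memory dump. The parser below is an added example and is not Joe Sandbox code; its input is constructed from lines of the records above, with the page's "Download File" link labels dropped. It assumes that `$` separates the items of API ID and String ID, that API String ID is a pair of decimal numbers, and that the fourth and fifth dot-separated fields of the .sdmp file name are the region base address and a memory-protection value (0x20 for the code region, 0x02 and 0x04 for the data regions, matching Windows PAGE_* constants); that field layout is inferred from the names on this page, not documented.

```python
"""Parse one Joe Sandbox disassembly "function record" into structured data
and rebase its call sites to RVAs.  Added example, not Joe Sandbox code."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed input: API, dump-source and similarity lines taken from the
# records shown in this report (link labels removed, lines from two records
# combined so that the subcall and no-argument forms are exercised too).
SAMPLE_RECORD = """\
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00B6125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B61284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00B612A8
• _wcslen.LIBCMT ref: 00B73A8A
  • Part of subcall function 00B60CDF: VariantInit.OLEAUT32(00000000), ref: 00B60D1F
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: 0aee3bf895ae022f2428fdd3342ba3281fc48645e2ecdbff344d23f3da6ee301
• Instruction ID: a69215802516a55eb9ba7ea0069481d1b3a22e27e2a754eae23881bddcac4e95
• Opcode Fuzzy Hash: 0aee3bf895ae022f2428fdd3342ba3281fc48645e2ecdbff344d23f3da6ee301
• Instruction Fuzzy Hash: 8B91C171A00209AFDB00DFA8D895BBEB7F5FF45314F1888A9E501E7391DB78A941CB90
"""

API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[^.\s(]+)\.(?P<module>[A-Za-z0-9_\-]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
SOURCE_LINE = re.compile(
    r"^•\s*Source File:\s*(?P<dump>\S+\.sdmp),\s*Offset:\s*(?P<base>[0-9A-Fa-f]+),"
    r"\s*based on PE:\s*(?P<pe>true|false)")
KV_LINE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<value>.*)$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiRef:
    name: str
    module: str
    args: list
    address: int                      # call-site address as seen in the memory dump
    subcall_of: Optional[int] = None  # set for "Part of subcall function X" lines
    rva: Optional[int] = None         # address - image base, filled in by the record parser


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)
    dump_file: str = ""
    image_base: int = 0          # the "Offset:" value, i.e. the module base in the dump
    based_on_pe: bool = False
    region_base: int = 0         # assumed: 4th dotted field of the .sdmp name
    region_protect: int = 0      # assumed: 5th dotted field, looks like a PAGE_* constant
    api_id: list = field(default_factory=list)
    string_ids: list = field(default_factory=list)
    api_string_id: tuple = (0, 0)
    opcode_id: str = ""
    instruction_id: str = ""
    opcode_fuzzy_hash: str = ""
    instruction_fuzzy_hash: str = ""


def parse_api_line(line: str) -> Optional[ApiRef]:
    """Parse one bullet of the APIs list; returns None for lines that are not API refs."""
    m = API_LINE.match(line.strip())
    if not m:
        return None
    args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
    sub = int(m["sub"], 16) if m["sub"] else None
    return ApiRef(m["name"], m["module"], args, int(m["ref"], 16), sub)


def parse_function_record(text: str) -> FunctionRecord:
    """Walk the record section by section and fill a FunctionRecord."""
    rec, section = FunctionRecord(), None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            continue
        if section == "APIs":
            api = parse_api_line(line)
            if api:
                rec.apis.append(api)
        elif section == "Memory Dump Source" and (m := SOURCE_LINE.match(line)):
            rec.dump_file, rec.image_base = m["dump"], int(m["base"], 16)
            rec.based_on_pe = m["pe"].lower() == "true"
            fields = m["dump"][: -len(".sdmp")].split(".")   # assumed field layout
            rec.region_base, rec.region_protect = int(fields[3], 16), int(fields[4], 16)
        elif section == "Similarity" and (m := KV_LINE.match(line)):
            key, value = m["key"], m["value"].strip()
            if key == "API ID":
                rec.api_id = value.split("$") if value else []
            elif key == "String ID":
                rec.string_ids = value.split("$") if value else []
            elif key == "API String ID":
                a, b = value.split("-")
                rec.api_string_id = (int(a), int(b))
            else:  # Opcode ID, Instruction ID, Opcode Fuzzy Hash, Instruction Fuzzy Hash
                setattr(rec, key.lower().replace(" ", "_"), value)
    # Rebase every call site so it can be located in the on-disk PE image.
    for api in rec.apis:
        api.rva = api.address - rec.image_base
    return rec


def ids_consistent(rec: FunctionRecord) -> bool:
    """In this report the Opcode ID repeats the Opcode Fuzzy Hash; flag records where it does not."""
    return rec.opcode_id == rec.opcode_fuzzy_hash


if __name__ == "__main__":
    record = parse_function_record(SAMPLE_RECORD)
    for api in record.apis:
        print(f"{api.module}!{api.name:<22} va={api.address:08X} rva={api.rva:06X}")
```

With the module base taken from `Offset: 00AF0000`, the first `SafeArrayGetVartype` call site at `00B6125C` becomes RVA `0x7125C`; the same subtraction works for the `Part of subcall function` entries, which keep the parent function's address in `subcall_of`. Records whose APIs and Strings lists are collapsed on the page (as in the `Variant$ClearInit` record above) parse with empty `apis`, so treat an empty list as "not shown", not as "no imports".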
APIs
• VariantInit.OLEAUT32(?), ref: 00B7396B
• CharUpperBuffW.USER32(?,?), ref: 00B73A7A
• _wcslen.LIBCMT ref: 00B73A8A
• VariantClear.OLEAUT32(?), ref: 00B73C1F
  • Part of subcall function 00B60CDF: VariantInit.OLEAUT32(00000000), ref: 00B60D1F
  • Part of subcall function 00B60CDF: VariantCopy.OLEAUT32(?,?), ref: 00B60D28
  • Part of subcall function 00B60CDF: VariantClear.OLEAUT32(?), ref: 00B60D34
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 150165c9ced49f09023a2830bb51a33ebca070877619bc087102ce02d6006bc9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1c64be44a11bfe9c202488cf317c17f02e11db7546f54492e7508a401ea4ea35
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 150165c9ced49f09023a2830bb51a33ebca070877619bc087102ce02d6006bc9
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 489188756083059FC700EF64C58196ABBE4FF88714F1488AEF89A9B351DB30EE45DB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?,?,00B5035E), ref: 00B5002B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50046
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50054
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?), ref: 00B50064
                                                                                                                                                                                                                                                                                                                                                                                • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00B74C51
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B74D59
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00B74DCF
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(?), ref: 00B74DDA
                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
• String ID: NULL Pointer assignment
• API String ID: 614568839-2785691316
• Opcode ID: 8746c8d5e9300036eb013c936aeb798429fb14923c1bfd8400f1700642506e43
• Instruction ID: f16b3239dda8bad7eb387af4c4bcaf8b8adb71e63507b72efc924aa0aeebd645
• Opcode Fuzzy Hash: 8746c8d5e9300036eb013c936aeb798429fb14923c1bfd8400f1700642506e43
• Instruction Fuzzy Hash: 6091F571D0021DAFDF15DFA4D891AEEB7B9FF08310F1085A9E929A7251DB709A44CFA0
APIs
• GetMenu.USER32(?), ref: 00B82183
• GetMenuItemCount.USER32(00000000), ref: 00B821B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B821DD
• _wcslen.LIBCMT ref: 00B82213
• GetMenuItemID.USER32(?,?), ref: 00B8224D
• GetSubMenu.USER32(?,?), ref: 00B8225B
  • Part of subcall function 00B53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B53A57
  • Part of subcall function 00B53A3D: GetCurrentThreadId.KERNEL32 ref: 00B53A5E
  • Part of subcall function 00B53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B525B3), ref: 00B53A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B822E3
  • Part of subcall function 00B5E97B: Sleep.KERNEL32 ref: 00B5E9F3
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
• String ID:
• API String ID: 4196846111-0
• Opcode ID: 9bfff8b384772b9c5eca0050f15477e1ca35c1a6dcf216c9aba8eb69349fb299
• Instruction ID: 04d95efcbf8db76cf882e559f6601bce64c23342c56aee8e6bc25e826c59b0db
• Opcode Fuzzy Hash: 9bfff8b384772b9c5eca0050f15477e1ca35c1a6dcf216c9aba8eb69349fb299
• Instruction Fuzzy Hash: E3715275E00205AFCB14EFA5C985AAEBBF5EF48310F148499E916EB361DB34ED41CB90
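The menu-walking record above (GetMenu, GetMenuItemCount, GetMenuStringW, then AttachThreadInput inside subcall 00B53A3D and a PostMessageW with message 00000111) is the API chain AutoIt's automation runtime uses to select a menu item in another window as if the user had clicked it. The following is an added example, not part of the Joe Sandbox report and not the sample's own code: it parses the IDA-plugin "APIs" listing format shown on this page (the sample input is the listing copied from the record above), decodes the window-message argument of Send/PostMessageW against the winuser.h constants it knows (WM_COMMAND = 0x0111, EM_GETSEL = 0x00B0, WM_NCLBUTTONDOWN = 0x00A1; anything else is reported as a raw hex value rather than guessed), and flags the AttachThreadInput followed by WM_COMMAND pattern. The regex, the ApiCall record and the chain check are this example's own assumptions about the listing layout.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: the "APIs" listing of the menu-walking function, copied
# from the Joe Sandbox IDA Plugin record above, used here as offline input.
SAMPLE_APIS = """\
• GetMenu.USER32(?), ref: 00B82183
• GetMenuItemCount.USER32(00000000), ref: 00B821B5
• GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B821DD
• _wcslen.LIBCMT ref: 00B82213
• GetMenuItemID.USER32(?,?), ref: 00B8224D
• GetSubMenu.USER32(?,?), ref: 00B8225B
  • Part of subcall function 00B53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B53A57
  • Part of subcall function 00B53A3D: GetCurrentThreadId.KERNEL32 ref: 00B53A5E
  • Part of subcall function 00B53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B525B3), ref: 00B53A65
• PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B822E3
  • Part of subcall function 00B5E97B: Sleep.KERNEL32 ref: 00B5E9F3
"""


class ApiCall(NamedTuple):
    name: str                 # API name, e.g. PostMessageW
    module: str               # module as printed by the plugin, e.g. USER32
    args: Tuple[str, ...]     # raw argument tokens: hex strings or "?" when unknown
    ref: str                  # address of the call site
    subcall: Optional[str]    # address of the enclosing subcall function, if nested


# Assumed layout of one listing line (derived from the lines above):
#   [Part of subcall function <addr>: ]<name>.<module>[(<args>)][,] ref: <addr>
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)


def parse_apis(text: str) -> List[ApiCall]:
    """Turn an IDA-plugin 'APIs' listing into ApiCall records, keeping call order."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headings or lines in another layout are skipped, not guessed
        raw = m.group("args")
        args = tuple(a.strip() for a in raw.split(",")) if raw else ()
        calls.append(ApiCall(m.group("name"), m.group("mod"), args, m.group("ref"), m.group("sub")))
    return calls


# Window-message constants from winuser.h; only the ones needed to read this page.
WM_NAMES = {0x0111: "WM_COMMAND", 0x00B0: "EM_GETSEL", 0x00A1: "WM_NCLBUTTONDOWN"}


def decode_message(call: ApiCall) -> Optional[str]:
    """Name the uMsg argument of a Send/PostMessage call; unknown values stay hex."""
    if call.name not in ("SendMessageW", "PostMessageW", "SendMessageA", "PostMessageA"):
        return None
    if len(call.args) < 2 or call.args[1] == "?":
        return None  # the plugin could not recover the message number statically
    value = int(call.args[1], 16)
    return WM_NAMES.get(value, "0x%04X" % value)


def synthetic_input_chain(calls: List[ApiCall]) -> List[str]:
    """Flag a WM_COMMAND posted after AttachThreadInput: input queues of the target
    window's thread are shared first, then a menu command is injected into it."""
    findings = []
    attached = False
    for c in calls:
        if c.name == "AttachThreadInput":
            attached = True
        elif attached and decode_message(c) == "WM_COMMAND":
            findings.append("%s WM_COMMAND at %s after AttachThreadInput" % (c.name, c.ref))
    return findings


if __name__ == "__main__":
    parsed = parse_apis(SAMPLE_APIS)
    for c in parsed:
        msg = decode_message(c)
        print(c.ref, c.name, c.module, msg or "")
    for f in synthetic_input_chain(parsed):
        print("FLAG:", f)
```

Run against the other listing on this page (IsWindow, IsWindowEnabled, SendMessageW 0000041C, SendMessageW 000000B0, GetWindowLongW, SendMessageW 000000A1) the decoder names EM_GETSEL and WM_NCLBUTTONDOWN and leaves 0x041C as a raw value, which is the honest result: the plugin prints the number, not the control class the message was meant for.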
APIs
• IsWindow.USER32(00FA5508), ref: 00B87F37
• IsWindowEnabled.USER32(00FA5508), ref: 00B87F43
• SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00B8801E
• SendMessageW.USER32(00FA5508,000000B0,?,?), ref: 00B88051
• IsDlgButtonChecked.USER32(?,?), ref: 00B88089
• GetWindowLongW.USER32(00FA5508,000000EC), ref: 00B880AB
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B880C3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4072528602-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f92631b14df7aabb4604b197e26fb1622438ec1d54fb9b720e879b3d22089787
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7f38cfabb24bd4b334c7c9f9104b93694ea66a46a50893bc17527a4bb377e353
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f92631b14df7aabb4604b197e26fb1622438ec1d54fb9b720e879b3d22089787
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA71AD74648244AFEB21AF65C884FAA7BF5EF0A304F244499FA45972B1CF31EC45DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(?), ref: 00B5AEF9
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00B5AF0E
                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00B5AF6F
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000010,?), ref: 00B5AF9D
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000011,?), ref: 00B5AFBC
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,00000012,?), ref: 00B5AFFD
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00B5B020
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f80454ccaba38ac4912d1293929c92801f1967054aef7003e6c9f34684909801
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 990444fc14ffe13fe33a9b841fb4d95845ba6d4396866f80553e8553e9fa3340
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f80454ccaba38ac4912d1293929c92801f1967054aef7003e6c9f34684909801
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4151E4A06047D53DFB3642348C45BBABEE99B06305F0885C9E9D9968C2D3D9ACCCD761
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetParent.USER32(00000000), ref: 00B5AD19
                                                                                                                                                                                                                                                                                                                                                                                • GetKeyboardState.USER32(?), ref: 00B5AD2E
                                                                                                                                                                                                                                                                                                                                                                                • SetKeyboardState.USER32(?), ref: 00B5AD8F
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00B5ADBB
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00B5ADD8
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00B5AE17
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00B5AE38
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 87235514-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f1a45399576c1ee30ebb590b2cf756bef382b90f818165f9ff49acaca2ee7fcd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6b91f2e32e30d7cc096890023214308d3c9d03995a15faa9acdff41c00e26da1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f1a45399576c1ee30ebb590b2cf756bef382b90f818165f9ff49acaca2ee7fcd
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C5109A15047D53DFB3353348C46B7ABEE8AB05302F1886D8E5D5668C2D794EC8CD762
APIs
• GetConsoleCP.KERNEL32(00B33CD6,?,?,?,?,?,?,?,?,00B25BA3,?,?,00B33CD6,?,?), ref: 00B25470
• __fassign.LIBCMT ref: 00B254EB
• __fassign.LIBCMT ref: 00B25506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00B33CD6,00000005,00000000,00000000), ref: 00B2552C
• WriteFile.KERNEL32(?,00B33CD6,00000000,00B25BA3,00000000,?,?,?,?,?,?,?,?,?,00B25BA3,?), ref: 00B2554B
• WriteFile.KERNEL32(?,?,00000001,00B25BA3,00000000,?,?,?,?,?,?,?,?,?,00B25BA3,?), ref: 00B25584
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FileWrite__fassign$ByteCharConsoleMultiWide
• String ID:
• API String ID: 1324828854-0
• Opcode ID: 2301590b81e400463752cedd66f49a58f8d9b50fe54ab5595e3a68ab7ef329b6
• Instruction ID: f3f88f68d1ccca39321a102cf573b49eb433c842342179325b2f17f16afbd170
• Opcode Fuzzy Hash: 2301590b81e400463752cedd66f49a58f8d9b50fe54ab5595e3a68ab7ef329b6
• Instruction Fuzzy Hash: DF51E6B09006189FDB20DFA8E885BEEBBF9EF19300F14415AF559E7291D730DA41CB60
APIs
• _ValidateLocalCookies.LIBCMT ref: 00B12D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00B12D53
• _ValidateLocalCookies.LIBCMT ref: 00B12DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00B12E0C
• _ValidateLocalCookies.LIBCMT ref: 00B12E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: 434fb371e055ab91b27d2bceba9fba8e4ebd47ad8021ddc23ef73f8e1dc08c08
• Instruction ID: 01fc0e97f50fc995d68bfa992814e9354876639b10bd7e12b56305b7ad330d61
• Opcode Fuzzy Hash: 434fb371e055ab91b27d2bceba9fba8e4ebd47ad8021ddc23ef73f8e1dc08c08
• Instruction Fuzzy Hash: 6A419534A002099BCF10DF68D845ADEBBF5FF45324F9481E5E914AB392D7319AA5CBD0
APIs
  • Part of subcall function 00B7304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B7307A
  • Part of subcall function 00B7304E: _wcslen.LIBCMT ref: 00B7309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B71112
• WSAGetLastError.WSOCK32 ref: 00B71121
• WSAGetLastError.WSOCK32 ref: 00B711C9
• closesocket.WSOCK32(00000000), ref: 00B711F9
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: b223c3840e6fb63723463614548b59e2fe2b8b9480cf978783e4d4563ba60486
• Instruction ID: 7d922f48b399f5e09df0a6ebd62fc5328396b038e1d9a88e7e67db852d5dc109
• Opcode Fuzzy Hash: b223c3840e6fb63723463614548b59e2fe2b8b9480cf978783e4d4563ba60486
• Instruction Fuzzy Hash: 0041F671600208AFDB109F5CC885BA9BBE9EF45724F54C499FD29AF291CB70AD41CBB1
APIs
  • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B5CF22,?), ref: 00B5DDFD
  • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B5CF22,?), ref: 00B5DE16
• lstrcmpiW.KERNEL32(?,?), ref: 00B5CF45
• MoveFileW.KERNEL32(?,?), ref: 00B5CF7F
• _wcslen.LIBCMT ref: 00B5D005
• _wcslen.LIBCMT ref: 00B5D01B
• SHFileOperationW.SHELL32(?), ref: 00B5D061
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3164238972-1173974218
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: fd29094decdda8ef5168426bac1f61f977105920eee77524be75e74afeb34908
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 71853270ed2033c8a060b8582754395176a34a4d43d469ae5d9e44ff4eeeb3c5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fd29094decdda8ef5168426bac1f61f977105920eee77524be75e74afeb34908
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 774112719452195FDF12EBA4D981BDEB7F9EF08381F1000E6A509EB151EA34A78DCB50
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00B82E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00B82E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00B82E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00B82EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00B82EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00B82EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B82F0B
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
• Opcode ID: 9b9e81fd69b486a7de7b0eda2741c2d78eff7661413cc7267e95166da1284556
• Instruction ID: 6d2d5816f16756799fba3bc82c41e49f52bca93c44c78a7da69409ef6da7fd2a
• Opcode Fuzzy Hash: 9b9e81fd69b486a7de7b0eda2741c2d78eff7661413cc7267e95166da1284556
• Instruction Fuzzy Hash: A3311230604250AFEB21EF58DC85FA53BE1FB9A712F1501A5FA019F2B2CBB1AC41DB55
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B57769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B5778F
• SysAllocString.OLEAUT32(00000000), ref: 00B57792
• SysAllocString.OLEAUT32(?), ref: 00B577B0
• SysFreeString.OLEAUT32(?), ref: 00B577B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 00B577DE
• SysAllocString.OLEAUT32(?), ref: 00B577EC
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 6278b9f80cdfaa23da082724560721f84d04e94f04a2c4059bcde445eed3dcf2
• Instruction ID: 88018cf577ec4e5ebbf603046bebdeaded509a0f7c4fcdbbeecd41cdf092389e
• Opcode Fuzzy Hash: 6278b9f80cdfaa23da082724560721f84d04e94f04a2c4059bcde445eed3dcf2
• Instruction Fuzzy Hash: 9121A376704219AFDB10EFA8EC88DBB77ECEB09364B0480A5BD04DB2A0DA70DC45C760
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B57842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B57868
• SysAllocString.OLEAUT32(00000000), ref: 00B5786B
• SysAllocString.OLEAUT32 ref: 00B5788C
• SysFreeString.OLEAUT32 ref: 00B57895
• StringFromGUID2.OLE32(?,?,00000028), ref: 00B578AF
• SysAllocString.OLEAUT32(?), ref: 00B578BD
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4f4eb767e88218d3debbfb03c1456ea2c1d8a86a751c99adb405d9b50d93020b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e112806e3a8ca06aa53d0eb8e610b71807e2b75b9b15b33c0ab6755a339e59bd
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f4eb767e88218d3debbfb03c1456ea2c1d8a86a751c99adb405d9b50d93020b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 20218171704114AFDB109BA9EC8CEBA77ECEB0836071481A5B915CB2A1DA70DC45CB74
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(0000000C), ref: 00B604F2
                                                                                                                                                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B6052E
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e84803ecc6f6a87c0aba62beeffff6e97a5f52379f499363750ff29d828d0024
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bc62c955d70a848640eb6a9cdf40e076f7390abb5964836377942f1309a72847
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e84803ecc6f6a87c0aba62beeffff6e97a5f52379f499363750ff29d828d0024
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13216075510305ABDB20AF2ADC84A9B7BF4EF54724F204A59F9A2D72E0E7749940CF20
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetStdHandle.KERNEL32(000000F6), ref: 00B605C6
                                                                                                                                                                                                                                                                                                                                                                                • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B60601
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                                • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 59991e22e598d0620a8ea28b08b6331723726c4dd687d68517f86a9fee383a48
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 44a19358fe737cb26bcced7ba345f643aa72a293be4343f2e0d6fcba650c2f8c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 59991e22e598d0620a8ea28b08b6331723726c4dd687d68517f86a9fee383a48
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 812162755103059BDB20AF6ADC44E9B77E4FF95720F200A59F8A1E72E0DBB49960CB24
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AF604C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF600E: GetStockObject.GDI32(00000011), ref: 00AF6060
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AF606A
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B84112
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B8411F
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B8412A
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B84139
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B84145
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 0ce324a9177a5d433e2b13e09f143ed7697c863c7ed482f8b4ee023b4d8ef305
• Instruction ID: c2d9cb0976564354345e5216995bef316a6d5ac18c4b5e0d19c53cf170bddf94
• Opcode Fuzzy Hash: 0ce324a9177a5d433e2b13e09f143ed7697c863c7ed482f8b4ee023b4d8ef305
• Instruction Fuzzy Hash: 631190B215021ABEEF119F64CC85EE77F9DEF08798F014110BA18A60A0CB72DC21DBA4
APIs
  • Part of subcall function 00B2D7A3: _free.LIBCMT ref: 00B2D7CC
• _free.LIBCMT ref: 00B2D82D
  • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
  • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
• _free.LIBCMT ref: 00B2D838
• _free.LIBCMT ref: 00B2D843
• _free.LIBCMT ref: 00B2D897
• _free.LIBCMT ref: 00B2D8A2
• _free.LIBCMT ref: 00B2D8AD
• _free.LIBCMT ref: 00B2D8B8
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction ID: 1b84c78481c7243f4a22098b7a37c2610232047e2adba2efc34fc77d76c1dfdc
• Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
• Instruction Fuzzy Hash: 1D115E71540B24BAD621BFB0EC47FCB7BDCAF04700F800965B2DDE61A2DA69B9458660
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00B5DA74
• LoadStringW.USER32(00000000), ref: 00B5DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00B5DA91
• LoadStringW.USER32(00000000), ref: 00B5DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B5DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00B5DAB9
Note: the MessageBoxW type 0x00011010 is MB_ICONERROR | MB_SYSTEMMODAL | MB_SETFOREGROUND; the two LoadStringW calls pull the caption and body text from the executable's own string table (GetModuleHandleW(NULL)). The "%s (%d) : ==> %s: %s %s" format (script name, line number, error, source line) matches the AutoIt runtime's script-error report, which supports the "compiled AutoIt script" signature above. This is interpreter error handling, not attacker logic.
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
• Opcode ID: b7ff9142c840bdfc882ed2a5f13904775ade9a20e65b659b7d807a56255e00eb
• Instruction ID: 571b6748c584179f506e9dfb530df0af5d9deb9a51eb7828ac2ce9efacc5ecff
• Opcode Fuzzy Hash: b7ff9142c840bdfc882ed2a5f13904775ade9a20e65b659b7d807a56255e00eb
• Instruction Fuzzy Hash: 550162F65002087FE750ABA09D89EE737ACE708701F4005E6B706E3051EA749E848F74
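The function records above all share one layout (an APIs list with optional "Part of subcall function" lines, an optional Strings list, the Memory Dump Source block and a Similarity block with API ID / String ID / API String ID). When triaging a report of this size it is easier to work on the records as data than to read them. The parser below is an added example written for this page, not Joe Sandbox code and not part of the report: the record layout is inferred from the entries shown here, the names `FunctionRecord`, `ApiCall`, `parse_records`, `api_sequence` and `find_pattern` are this example's own, and the sample input is three records copied from the report above with the leading whitespace removed.

```python
"""Parse Joe Sandbox 'IDA Plugin' function records into structured data.

Added example for this page, not Joe Sandbox code. The record layout is
inferred from the report entries; all names here are the example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}

# "• [Part of subcall function XXXXXXXX: ]Api.Module[(args)][,] ref: XXXXXXXX"
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str                          # address of the call site
    subcall_of: Optional[str] = None  # set when the call lives in a callee


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[Tuple[str, str]] = field(default_factory=list)  # (text, xref)
    similarity: dict = field(default_factory=dict)  # e.g. "API String ID"


def parse_records(text: str) -> List[FunctionRecord]:
    """Split report text into records; each record starts at an 'APIs' header."""
    records: List[FunctionRecord] = []
    current, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None:
            continue
        if section == "APIs":
            m = API_LINE.match(line)
            if m:
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                current.apis.append(ApiCall(m["api"], m["module"], args, m["ref"], m["sub"]))
        elif section == "Strings":
            body = line.lstrip("•").strip()
            value, sep, xref = body.rpartition(", xrefs: ")
            if sep:
                current.strings.append((value, xref))
        elif section == "Similarity":
            key, _, value = line.lstrip("•").strip().partition(":")
            current.similarity[key.strip()] = value.strip()
    return records


def api_sequence(rec: FunctionRecord, include_subcalls: bool = False) -> List[str]:
    """Ordered API names of a record, optionally including callee calls."""
    return [c.api for c in rec.apis if include_subcalls or c.subcall_of is None]


def find_pattern(records: List[FunctionRecord], pattern: List[str]) -> List[int]:
    """Indexes of records whose direct API sequence contains `pattern` in order
    (as a subsequence, not necessarily adjacent)."""
    hits = []
    for i, rec in enumerate(records):
        it = iter(api_sequence(rec))
        if all(any(api == want for api in it) for want in pattern):
            hits.append(i)
    return hits


# Sample input: three records copied from the report above (whitespace stripped).
SAMPLE = """\
APIs
• _free.LIBCMT ref: 00B2D82D
  • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
• _free.LIBCMT ref: 00B2D838
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00B5DA74
• LoadStringW.USER32(00000000), ref: 00B5DA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00B5DA91
• LoadStringW.USER32(00000000), ref: 00B5DA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B5DADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00B5DAB9
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(00F9E8A8,00F9E8A8), ref: 00B6097B
• EnterCriticalSection.KERNEL32(00F9E888,00000000), ref: 00B6098D
• TerminateThread.KERNEL32(?,000001F6), ref: 00B6099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 00B609A9
• CloseHandle.KERNEL32(?), ref: 00B609B8
• InterlockedExchange.KERNEL32(00F9E8A8,000001F6), ref: 00B609C8
• LeaveCriticalSection.KERNEL32(00F9E888), ref: 00B609CF
"""

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for i, r in enumerate(recs):
        print(i, r.similarity.get("API String ID", "?"), api_sequence(r))
    print("TerminateThread->WaitForSingleObject in records:",
          find_pattern(recs, ["TerminateThread", "WaitForSingleObject"]))
```

`find_pattern` matches an ordered subsequence of the direct calls, which is how you would look for a behavioural chain (for example TerminateThread followed by WaitForSingleObject) across thousands of records; the "API String ID" field in `similarity` is the key to compare when correlating the same function between two reports of the same family.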
APIs
• InterlockedExchange.KERNEL32(00F9E8A8,00F9E8A8), ref: 00B6097B
• EnterCriticalSection.KERNEL32(00F9E888,00000000), ref: 00B6098D
• TerminateThread.KERNEL32(?,000001F6), ref: 00B6099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 00B609A9
• CloseHandle.KERNEL32(?), ref: 00B609B8
• InterlockedExchange.KERNEL32(00F9E8A8,000001F6), ref: 00B609C8
• LeaveCriticalSection.KERNEL32(00F9E888), ref: 00B609CF
Note: this is a forced worker-thread shutdown under a critical section: TerminateThread with exit code 0x1F6 (502), a 1000 ms (0x3E8) wait on the thread handle, then CloseHandle, with the InterlockedExchange pair publishing the same 0x1F6 state at 00F9E8A8 to other threads. TerminateThread does not run the target thread's cleanup or release locks it holds, so the critical section at 00F9E888 is what keeps the shared state consistent here.
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e5300562aca41663ae00d56f8f20f62ff0ebddf8a66eddc93c257aff0e2592cf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: caeb75b624c54eefb5d46e60b3ac9fd9abc433775c5c7c7b13a9af1b4f308816
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e5300562aca41663ae00d56f8f20f62ff0ebddf8a66eddc93c257aff0e2592cf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97F01972442A02EBD7416FA4EE8CAD6BB29FF01712F502025F202928F0CB749465CFA0

APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B71DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B71DE1
• WSAGetLastError.WSOCK32 ref: 00B71DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00B71EDB
• inet_ntoa.WSOCK32(?), ref: 00B71E8C
  • Part of subcall function 00B539E8: _strlen.LIBCMT ref: 00B539F2
  • Part of subcall function 00B73224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00B6EC0C), ref: 00B73240
• _strlen.LIBCMT ref: 00B71F35
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
• String ID:
• API String ID: 3203458085-0
• Opcode ID: 310d06003ebc8202b156a8fbc2746adcb57b8b976831d619295d3f8d86a5e391
• Instruction ID: bdccb94565a2cefe1ad23f02cdc0686b1c554d52c73a51cbdf6f4dcae4fa0e5d
• Opcode Fuzzy Hash: 310d06003ebc8202b156a8fbc2746adcb57b8b976831d619295d3f8d86a5e391
• Instruction Fuzzy Hash: CEB1AD71604340AFC324DF68C895E2A7BE5EF84318F54899CF56A5F2A2CB31ED41CBA1

APIs
• GetClientRect.USER32(?,?), ref: 00AF5D30
• GetWindowRect.USER32(?,?), ref: 00AF5D71
• ScreenToClient.USER32(?,?), ref: 00AF5D99
• GetClientRect.USER32(?,?), ref: 00AF5ED7
• GetWindowRect.USER32(?,?), ref: 00AF5EF8
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: 2b36a8c8b23679d5e33bc41ab7670585607d74788d6465f249f70c1248826357
• Instruction ID: 8a24bd6e60ae8232e233015a13e5c763718e97667862349e61b78161963b2b56
• Opcode Fuzzy Hash: 2b36a8c8b23679d5e33bc41ab7670585607d74788d6465f249f70c1248826357
• Instruction Fuzzy Hash: 22B16774A00A4ADBDB14CFB9C4807FAB7F1FF58310F24851AEAA9D7250DB34AA51DB50
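The "API ID" under each Similarity heading is the key Joe Sandbox uses to match a function against functions in other samples, and the three entries above (a thread-stop routine, a WinSock receive path where #17 is the wsock32 export ordinal of recvfrom, and a window-geometry helper) are enough to see how it is built from the import names. The script below is an added example, not Joe Sandbox code: it parses the "APIs" bullets in the format printed above and rebuilds the API ID under an assumed rule (CamelCase names split on capitals, all-lowercase names kept whole, fragments shorter than four characters dropped, fragments grouped by descending frequency, each group sorted and concatenated, groups joined by "$"). The rule is an inference that reproduces the three IDs on this page; the numeric "API String ID" hash is not reproduced. The sample inputs are copied from the three entries above.

```python
import re
from collections import Counter

# One "APIs" bullet of a Joe Sandbox function entry, e.g.
#   • InterlockedExchange.KERNEL32(00F9E8A8,00F9E8A8), ref: 00B6097B
#   • Part of subcall function 00B539E8: _strlen.LIBCMT ref: 00B539F2
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>.+?)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Assumed rule, inferred from the report entries: fragments shorter than this
# (Get, For, WSA, Set, #17) never appear in the printed API IDs.
MIN_TOKEN_LEN = 4


def parse_api_lines(text):
    """Return (api, module, ref, from_subcall) for every bullet that parses."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            calls.append((m["api"], m["mod"], m["ref"], m["sub"] is not None))
    return calls


def tokenize(api_name):
    """Split one import name into the fragments that feed the similarity key.
    CamelCase names split on capitals; names without capitals stay whole."""
    if re.search(r"[A-Z]", api_name):
        parts = re.findall(r"[A-Z][a-z]*", api_name)
    else:
        parts = [api_name]
    return [p for p in parts if len(p) >= MIN_TOKEN_LEN]


def api_id(text):
    """Rebuild the 'API ID': fragment groups by descending frequency, each
    group sorted in ASCII order and concatenated, groups joined by '$'."""
    counts = Counter()
    for api, _mod, _ref, _sub in parse_api_lines(text):
        counts.update(tokenize(api))
    by_count = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_count[n]))
                    for n in sorted(by_count, reverse=True))


def modules(text):
    """Distinct modules the function imports from, sorted."""
    return sorted({mod for _api, mod, _ref, _sub in parse_api_lines(text)})


# Sample input copied from the three function entries above.
THREAD_STOP = """
• InterlockedExchange.KERNEL32(00F9E8A8,00F9E8A8), ref: 00B6097B
• EnterCriticalSection.KERNEL32(00F9E888,00000000), ref: 00B6098D
• TerminateThread.KERNEL32(?,000001F6), ref: 00B6099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 00B609A9
• CloseHandle.KERNEL32(?), ref: 00B609B8
• InterlockedExchange.KERNEL32(00F9E8A8,000001F6), ref: 00B609C8
• LeaveCriticalSection.KERNEL32(00F9E888), ref: 00B609CF
"""

WINSOCK_RECV = """
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B71DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B71DE1
• WSAGetLastError.WSOCK32 ref: 00B71DF2
• htons.WSOCK32(?,?,?,?,?), ref: 00B71EDB
• inet_ntoa.WSOCK32(?), ref: 00B71E8C
  • Part of subcall function 00B539E8: _strlen.LIBCMT ref: 00B539F2
  • Part of subcall function 00B73224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00B6EC0C), ref: 00B73240
• _strlen.LIBCMT ref: 00B71F35
"""

WINDOW_RECT = """
• GetClientRect.USER32(?,?), ref: 00AF5D30
• GetWindowRect.USER32(?,?), ref: 00AF5D71
• ScreenToClient.USER32(?,?), ref: 00AF5D99
• GetClientRect.USER32(?,?), ref: 00AF5ED7
• GetWindowRect.USER32(?,?), ref: 00AF5EF8
"""

if __name__ == "__main__":
    for name, block in (("thread stop", THREAD_STOP),
                        ("winsock recv", WINSOCK_RECV),
                        ("window rect", WINDOW_RECT)):
        print(f"{name:13} {modules(block)}  {api_id(block)}")
```

Because the key depends only on import-name fragments and their multiplicity, two functions with the same imports in a different order, or at different addresses, get the same API ID; that is what makes it useful for matching this sample's routines against other AutoIt-compiled binaries, and also why it cannot distinguish between functions that share an import set but differ in logic.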

APIs
• __allrem.LIBCMT ref: 00B200BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B200D6
• __allrem.LIBCMT ref: 00B200ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2010B
• __allrem.LIBCMT ref: 00B20122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B20140
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1992179935-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5a6c95c6bf88bd2246e990d65a590c35d88c2efc42a5274df910ed09121d6069
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF812772A017169BE720AF28DC41BAB73E9EF45360F2445BEF519D7282EBB0D941C790
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B182D9,00B182D9,?,?,?,00B2644F,00000001,00000001,8BE85006), ref: 00B26258
                                                                                                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B2644F,00000001,00000001,8BE85006,?,?,?), ref: 00B262DE
                                                                                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B263D8
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00B263E5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00B263EE
                                                                                                                                                                                                                                                                                                                                                                                • __freea.LIBCMT ref: 00B26413
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5bac7413a76587944b83ce3069cee2da5b99103ea72230d660d5d4ec1140eb6a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: acd7c51c0d03ab8d3fc2a8dbe3f2a03c5508df6c396f18b03a7fb64a25e3d856
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5bac7413a76587944b83ce3069cee2da5b99103ea72230d660d5d4ec1140eb6a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1051D372600226ABDB259F68EC81EBF7BE9EF44750F1546A9FC09D7180EB34DC41C6A4
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B7B6AE,?,?), ref: 00B7C9B5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7C9F1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA68
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA9E
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7BCCA
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B7BD25
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00B7BD6A
                                                                                                                                                                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B7BD99
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B7BDF3
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 00B7BDFF
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b4add037fc1fd6682dba3e8fd952bf466e800dfbaf9e2b9ef2c410b89e50f3e7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a96c9d3a6fb9ae83dc2ed9f1c0f9a0861b44e705052809ae613d7fbea865d070
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b4add037fc1fd6682dba3e8fd952bf466e800dfbaf9e2b9ef2c410b89e50f3e7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5B819F70208241AFC714DF64C881E2ABBE5FF84308F1489ACF5694B2A2DB31ED45CF92
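The per-function records above (the "APIs" list with its "Part of subcall function" entries, the memory-dump source and the similarity hashes) are machine output that is easier to triage once parsed. The Python below is an added example, not code from this Joe Sandbox report or from Joe Security: it parses a constructed sample written in the same shape as these blocks into records, then flags the functions whose direct calls combine RegConnectRegistryW with RegEnumValueW, the registry-walking chain listed in the last record. The sample text, the record and field names, and the triage rule are assumptions of the example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Iterable

# Constructed sample in the shape of the report's function blocks (not the
# full report; a couple of calls per record are enough to exercise the parser).
SAMPLE = """\
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000), ref: 00B26258
• __freea.LIBCMT ref: 00B263E5
  • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444), ref: 00B23852
Similarity
• API ID: ByteCharMultiWide__freea$AllocateHeap
• Instruction Fuzzy Hash: 1051D372600226ABDB259F68EC81EBF7BE9EF44750F1546A9FC09D7180EB34DC41C6A4
APIs
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7BCCA
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B7BD25
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B7BD99
• RegCloseKey.ADVAPI32(?), ref: 00B7BDFF
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
"""

# "• Name.MODULE(args), ref: ADDR" with an optional "Part of subcall function ADDR:" prefix.
# The argument list and the parentheses are optional (LIBCMT entries carry neither).
API_LINE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[\w$?@]+)\.(?P<module>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# "• Key: value" lines of the Memory Dump Source / IDA Plugin / Similarity blocks.
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")

SECTION_HEADERS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: int
    subcall: int | None  # address of the sub-function when the call is indirect


@dataclass
class FunctionRecord:
    apis: list[ApiCall] = field(default_factory=list)
    meta: dict[str, str] = field(default_factory=dict)


def parse_records(lines: Iterable[str]) -> list[FunctionRecord]:
    """Split the report text into one FunctionRecord per 'APIs' block."""
    records: list[FunctionRecord] = []
    current: FunctionRecord | None = None
    section = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":  # every function record starts with its call list
            current = FunctionRecord()
            records.append(current)
            section = "apis"
            continue
        if current is None:
            continue
        if line in SECTION_HEADERS:
            section = "meta"
            continue
        if section == "apis":
            m = API_LINE.match(raw)
            if m:
                args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
                current.apis.append(ApiCall(
                    name=m.group("name"), module=m.group("module"), args=args,
                    ref=int(m.group("ref"), 16),
                    subcall=int(m.group("sub"), 16) if m.group("sub") else None))
        elif section == "meta":
            m = FIELD_LINE.match(raw)
            if m:
                current.meta[m.group("key").strip()] = m.group("val").strip()
    return records


def direct_api_names(record: FunctionRecord) -> set[str]:
    """APIs the function calls itself, ignoring 'Part of subcall' entries."""
    return {c.name for c in record.apis if c.subcall is None}


def registry_enumeration_records(records: list[FunctionRecord]) -> list[FunctionRecord]:
    """Triage rule (assumed): a function that connects to a registry handle and
    walks its values, the chain shown in the RegConnectRegistryW record above."""
    wanted = {"RegConnectRegistryW", "RegEnumValueW"}
    return [r for r in records if wanted <= direct_api_names(r)]


def sample_records() -> list[FunctionRecord]:
    return parse_records(SAMPLE.splitlines())


if __name__ == "__main__":
    for rec in registry_enumeration_records(sample_records()):
        print(sorted(direct_api_names(rec)), rec.meta.get("Source File", ""))
```

Feed it the whole exported report and the same rule set can be extended with other chains worth a second look in this sample, for example the clipboard or keystroke APIs named in the signature list.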
APIs
• VariantInit.OLEAUT32(00000035), ref: 00B4F7B9
• SysAllocString.OLEAUT32(00000001), ref: 00B4F860
• VariantCopy.OLEAUT32(00B4FA64,00000000), ref: 00B4F889
• VariantClear.OLEAUT32(00B4FA64), ref: 00B4F8AD
• VariantCopy.OLEAUT32(00B4FA64,00000000), ref: 00B4F8B1
                                                                                                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 00B4F8BB
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3859894641-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5d282400cbb885889d56c4ce29713dd9aebcd70aaa1840d1215b016b93954d21
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 1ad97f32bcba32d9ed4c473fc64760ec0d0d02535ba275aad7da6f355b58b8f5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5d282400cbb885889d56c4ce29713dd9aebcd70aaa1840d1215b016b93954d21
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A751B335A00312EACF24AB65D8D5B39B7E4EF45310B2494A6F906DF292DB70CD40E7A6
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                                                                                                                                                                                                                                                                                                                                • GetOpenFileNameW.COMDLG32(00000058), ref: 00B694E5
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B69506
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B6952D
                                                                                                                                                                                                                                                                                                                                                                                • GetSaveFileNameW.COMDLG32(00000058), ref: 00B69585
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen$FileName$OpenSave
                                                                                                                                                                                                                                                                                                                                                                                • String ID: X
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 83654149-3081909835
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8f491ef7e9ee497dc9d81f6fc8baf349eb46286950b4068459a2d1d0eb41d7a0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 64e7f25db3eedfbb69bd16dfee4755c32e2e127bfa64e720637af116a74e36f8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8f491ef7e9ee497dc9d81f6fc8baf349eb46286950b4068459a2d1d0eb41d7a0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AEE1AE316083019FD724DF64C981A6AB7E4FF85310F0489ADF99A9B2A2DB34DD05CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                                                                                                                                                                                                                                                                                                                                • BeginPaint.USER32(?,?,?), ref: 00B09241
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(?,?), ref: 00B092A5
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(?,?), ref: 00B092C2
                                                                                                                                                                                                                                                                                                                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00B092D3
                                                                                                                                                                                                                                                                                                                                                                                • EndPaint.USER32(?,?,?,?,?), ref: 00B09321
                                                                                                                                                                                                                                                                                                                                                                                • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00B471EA
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09339: BeginPath.GDI32(00000000), ref: 00B09357
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
• API String ID: 3050599898-0
• Opcode ID: ccb43aa942f410dd7b802ffcfe38cbea83b0c1ab7e4bf785264173d37ad4dbd8
• Instruction ID: 1219da594c0523170800aa8c0fa02ce7f6ede4ebe78c64ceb8950118f8d28f54
• Opcode Fuzzy Hash: ccb43aa942f410dd7b802ffcfe38cbea83b0c1ab7e4bf785264173d37ad4dbd8
• Instruction Fuzzy Hash: 7E419F70104200AFD721DF28DC88FAA7FE8EF4A720F1406A9F965972F2CB719945DB61
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 00B6080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00B60847
• EnterCriticalSection.KERNEL32(?), ref: 00B60863
• LeaveCriticalSection.KERNEL32(?), ref: 00B608DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00B608F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00B60921
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: 3ce22242ebb7ca49de951f6ee3167795184f4a5d30cff572058b6a2db6a0d89d
• Instruction ID: df51f7db9e776097803ed9693298189e13f90c98f4ce03b5395723ce01368890
• Opcode Fuzzy Hash: 3ce22242ebb7ca49de951f6ee3167795184f4a5d30cff572058b6a2db6a0d89d
• Instruction Fuzzy Hash: 75419A71A00205EBDF14EF55DC85AAA7BB9FF04310F1040A9ED00AB2A7DB74DE64CBA0
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00B4F3AB,00000000,?,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B8824C
• EnableWindow.USER32(?,00000000), ref: 00B88272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B882D1
• ShowWindow.USER32(?,00000004), ref: 00B882E5
• EnableWindow.USER32(?,00000001), ref: 00B8830B
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B8832F
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 84db06db08c2727cf09a95c5b2f9bbf662429f171abc1ed9f9f10f54f23cda1f
• Instruction ID: ba4a1266fa86500f08e4a6a10ee4c36ef20aa904b097ad96353dbf93ec0ad0aa
• Opcode Fuzzy Hash: 84db06db08c2727cf09a95c5b2f9bbf662429f171abc1ed9f9f10f54f23cda1f
• Instruction Fuzzy Hash: 3A41A174601644EFDB22EF18D899FA47BE0FB4A715F5842E9F5089B2B2CB71A841CF50
APIs
• IsWindowVisible.USER32(?), ref: 00B54C95
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00B54CB2
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00B54CEA
• _wcslen.LIBCMT ref: 00B54D08
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00B54D10
• _wcsstr.LIBVCRUNTIME ref: 00B54D1A
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
• String ID:
• API String ID: 72514467-0
• Opcode ID: a3afc4328a78c44bb73ccc39e1b5bded1d524be0dd5b94ab80143319097645a4
• Instruction ID: 5bbd078f14f8e098552ec733a135ddd9ca53dca9d499ced4e05169cc5041606f
• Opcode Fuzzy Hash: a3afc4328a78c44bb73ccc39e1b5bded1d524be0dd5b94ab80143319097645a4
• Instruction Fuzzy Hash: A121B072204201BBEB259B29EC49B7B7FE8DF45755F1080F9FC05CB1A1EB61DC8496A0
APIs
  • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
• _wcslen.LIBCMT ref: 00B6587B
• CoInitialize.OLE32(00000000), ref: 00B65995
• CoCreateInstance.OLE32(00B8FCF8,00000000,00000001,00B8FB68,?), ref: 00B659AE
• CoUninitialize.OLE32 ref: 00B659CC
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f82e678307cc8fb82ed5999bd81eb3bc4c7af709129c69b2c3b122331f627277
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 21b9502969459b8e38cbb358a533f131347d3e6836ffaad7f37f9457c8dd691a
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f82e678307cc8fb82ed5999bd81eb3bc4c7af709129c69b2c3b122331f627277
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24D172716087059FC724DF64C580A2EBBE1EF89710F14889DF88A9B3A1DB35EC45CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B50FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B50FCA
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B50FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B50FD6
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B50FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B50FE5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B50FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B50FEC
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B50FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B51002
                                                                                                                                                                                                                                                                                                                                                                                • GetLengthSid.ADVAPI32(?,00000000,00B51335), ref: 00B517AE
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00B517BA
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000), ref: 00B517C1
                                                                                                                                                                                                                                                                                                                                                                                • CopySid.ADVAPI32(00000000,00000000,?), ref: 00B517DA
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000000,00000000,00B51335), ref: 00B517EE
                                                                                                                                                                                                                                                                                                                                                                                • HeapFree.KERNEL32(00000000), ref: 00B517F5
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3008561057-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8ec6de428256fbc7c6ac3d2da7e8f0efca83f8afcf954e7e690eaa7b5927c179
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4492430f28cfb62f914fc5f56b9777cb73a723139a0bafc09f24e40a0f29a475
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ec6de428256fbc7c6ac3d2da7e8f0efca83f8afcf954e7e690eaa7b5927c179
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FC11B1B1500205FFDB10DFACCC89BAE7BE9EB49356F104598F941A7120CB359D48CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00B514FF
                                                                                                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00B51506
                                                                                                                                                                                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00B51515
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000004), ref: 00B51520
                                                                                                                                                                                                                                                                                                                                                                                • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B5154F
                                                                                                                                                                                                                                                                                                                                                                                • DestroyEnvironmentBlock.USERENV(00000000), ref: 00B51563
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: a0c9734f4ee536813268d82ea1af1c4422221a4eedb596e2fe241d78e109559e
• Instruction ID: 65beb8449aa8c8c1e33dc6c63974db4cd85e992e9a1860fe3f27c994b435dd8f
• Opcode Fuzzy Hash: a0c9734f4ee536813268d82ea1af1c4422221a4eedb596e2fe241d78e109559e
• Instruction Fuzzy Hash: B71186B2100209ABDF11CFA8ED49FDE3BA9EF48749F0440A4FE05A2160D775CE65EB60
APIs
• GetLastError.KERNEL32(?,?,00B13379,00B12FE5), ref: 00B13390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B1339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B133B7
• SetLastError.KERNEL32(00000000,?,00B13379,00B12FE5), ref: 00B13409
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: a663eee7da44db301a25525ccff3daf1909ef232cdb8439c874a99f913849c52
• Instruction ID: ce5c30dd7ed02851aa2955a7cd9b1dd60da55257f5c8f8644d9913b32e2c1b46
• Opcode Fuzzy Hash: a663eee7da44db301a25525ccff3daf1909ef232cdb8439c874a99f913849c52
• Instruction Fuzzy Hash: B201B53260D711BFAA153BB47C855D62ED4DB05B757E003A9F420862F0FF614D82955C
APIs
• GetLastError.KERNEL32(?,?,00B25686,00B33CD6,?,00000000,?,00B25B6A,?,?,?,?,?,00B1E6D1,?,00BB8A48), ref: 00B22D78
• _free.LIBCMT ref: 00B22DAB
• _free.LIBCMT ref: 00B22DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,00B1E6D1,?,00BB8A48,00000010,00AF4F4A,?,?,00000000,00B33CD6), ref: 00B22DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,00B1E6D1,?,00BB8A48,00000010,00AF4F4A,?,?,00000000,00B33CD6), ref: 00B22DEC
• _abort.LIBCMT ref: 00B22DF2
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorLast$_free$_abort
• String ID:
• API String ID: 3160817290-0
• Opcode ID: 27acf126720caf9528d7acc64ceaa5b57ddd915c27115e160d83a85cd93490f9
• Instruction ID: bd818767bb2afb3ee640ff2639ccd80f36ddfaccfa84cb275e64bbd7ff2bc282
• Opcode Fuzzy Hash: 27acf126720caf9528d7acc64ceaa5b57ddd915c27115e160d83a85cd93490f9
• Instruction Fuzzy Hash: 2FF0CD3550453077C21277387C06E5A19D9EFC17E1F2405B8F82CE31E6DF3488424170
APIs
  • Part of subcall function 00B09639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B09693
  • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096A2
  • Part of subcall function 00B09639: BeginPath.GDI32(?), ref: 00B096B9
  • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096E2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00B88A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00B88A62
• MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00B88A70
• LineTo.GDI32(?,00000000,00000003), ref: 00B88A80
• EndPath.GDI32(?), ref: 00B88A90
• StrokePath.GDI32(?), ref: 00B88AA0
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: b4a2e3bdbc48ef41e3d502f861e8a48f175e9d57e16a2dcbc46a3cd0a1da2cc1
• Instruction ID: 8468e46765e48eca21ef86f45702aeaa4b9a2eebbb50404903e47c0a8441dfbe
• Opcode Fuzzy Hash: b4a2e3bdbc48ef41e3d502f861e8a48f175e9d57e16a2dcbc46a3cd0a1da2cc1
• Instruction Fuzzy Hash: DA11C976000109FFDB129F94DC88EAA7FADEB08394F048052BA199A1B1CB719D55DBA0
APIs
• GetDC.USER32(00000000), ref: 00B55218
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00B55229
                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B55230
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 00B55238
                                                                                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00B5524F
                                                                                                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00B55261
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7b3ea371329bcd715253af2a063b429944d6cb1a250783c18d6b7cde38b7ad02
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4b8b3108c03c66066ca8ab6aef52ece39033229a5261bedb0759e146e29e8143
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b3ea371329bcd715253af2a063b429944d6cb1a250783c18d6b7cde38b7ad02
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA018FB5A00708BBEB109BB59C49B5EBFB8EF48352F0440A5FA04E7290DA709804CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AF1BF4
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000010,00000000), ref: 00AF1BFC
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AF1C07
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AF1C12
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000011,00000000), ref: 00AF1C1A
                                                                                                                                                                                                                                                                                                                                                                                • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AF1C22
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 70996a36987aa5278b13c1698392f7fccb8d7d2ec8d75c5ae2e6852a041da42a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 07db78ddd236482f6ee64c1b09ed5045a48b8942df6f0547166e5f8183b67767
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70996a36987aa5278b13c1698392f7fccb8d7d2ec8d75c5ae2e6852a041da42a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00B5EB30
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00B5EB46
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 00B5EB55
                                                                                                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB64
                                                                                                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB6E
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB75
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 99001ac1e5ffb78a9f17b0e566b7e46bf4eb604ca44cbd2d4fc955d675e7a1b5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7d7c40f5379fbe029cd8bb50b368f8f80513d90e0ea98b68db811decfe87c421
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99001ac1e5ffb78a9f17b0e566b7e46bf4eb604ca44cbd2d4fc955d675e7a1b5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0F01DB2140158BBE62157529C4DEAB3E7CEBCAB11F000168F611E20A1EBB05A01C7B5
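The function at 00B5EB30..00B5EB75 above is a forced window-kill primitive: WM_CLOSE (message 0x10) is posted to the window, then sent again with SendMessageTimeoutW using SMTO_ABORTIFHUNG (0x2) and a 0x1F4 = 500 ms timeout, after which the window's owning process is resolved with GetWindowThreadProcessId, opened with PROCESS_ALL_ACCESS (0x1F0FFF) and terminated. That close-then-terminate order is the behaviour of AutoIt's WinKill(), consistent with the report's verdict that the binary is a compiled AutoIt script. The Python below is an added example, not part of the Joe Sandbox report: it parses "APIs" listings in the format used on this page, decodes the numeric arguments that occur in this section to their Windows SDK names (WM_CLOSE, PROCESS_ALL_ACCESS, LOGPIXELSX/LOGPIXELSY, TCM_ADJUSTRECT, virtual-key codes), and flags the close-then-terminate chain. The sample listings are copied from this page; the chain heuristic and the function names are mine.

```python
import re
from dataclasses import dataclass

# Sample input copied from this report: the "APIs" listing of the window-kill
# function (ref 00B5EB30..00B5EB75) and of the MapVirtualKeyW function.
# Joe Sandbox prints more stack slots than an API actually takes (OpenProcess
# has 3 parameters, not 16); the trailing slots are stack residue.
KILL_LISTING = """
• PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00B5EB30
• SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00B5EB46
• GetWindowThreadProcessId.USER32(?,?), ref: 00B5EB55
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB64
• TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB6E
• CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB75
"""
KEY_LISTING = """
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AF1BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00AF1BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AF1C07
"""

# Standard Windows SDK constants for the values that occur in this section.
WM_MSG = {0x10: "WM_CLOSE"}
VK = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU",
      0x5B: "VK_LWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
# (API name, zero-based argument index) -> table of known values for that slot
DECODERS = {
    ("PostMessageW", 1): WM_MSG,
    ("SendMessageTimeoutW", 1): WM_MSG,
    ("SendMessageTimeoutW", 4): {0x2: "SMTO_ABORTIFHUNG"},
    ("SendMessageW", 1): {0x1328: "TCM_ADJUSTRECT"},
    ("OpenProcess", 0): {0x1F0FFF: "PROCESS_ALL_ACCESS"},
    ("MapVirtualKeyW", 0): VK,
    ("MapVirtualKeyW", 1): {0x0: "MAPVK_VK_TO_VSC"},
    ("GetDeviceCaps", 1): {0x58: "LOGPIXELSX", 0x5A: "LOGPIXELSY"},
}

LINE_RE = re.compile(r"^\s*•?\s*(\w+)\.(\w+)\(([^)]*)\),\s*ref:\s*([0-9A-Fa-f]+)\s*$")


@dataclass
class Call:
    api: str
    module: str
    args: list   # int per slot, None where the report shows "?"
    ref: str     # address of the call site


def parse(listing: str) -> list:
    """Turn a Joe Sandbox 'APIs' listing into Call records, in call order."""
    calls = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        api, module, argstr, ref = m.groups()
        args = [None if a.strip() == "?" else int(a, 16)
                for a in argstr.split(",") if a.strip()]
        calls.append(Call(api, module, args, ref.upper()))
    return calls


def annotate(call: Call) -> str:
    """Render one call with every argument that decodes to a known constant."""
    named = []
    for i, value in enumerate(call.args):
        if value is None:
            continue
        name = DECODERS.get((call.api, i), {}).get(value)
        if name:
            named.append(f"arg{i}=0x{value:X} ({name})")
    return f"{call.api} @ {call.ref}: " + (", ".join(named) or "no known constants")


def is_close_message(call: Call) -> bool:
    """WM_CLOSE delivered by any of the three message-sending APIs."""
    return (call.api in ("PostMessageW", "SendMessageW", "SendMessageTimeoutW")
            and len(call.args) > 1 and call.args[1] == 0x10)


# Ordered stages of the close-then-terminate chain. The heuristic is mine; the
# order is the one in the listing above and the one AutoIt's WinKill() follows.
KILL_CHAIN = ("WM_CLOSE", "GetWindowThreadProcessId", "OpenProcess", "TerminateProcess")


def find_window_kill(calls: list) -> bool:
    """True if, in order, WM_CLOSE is sent to a window and the window's
    owning process is then resolved, opened and terminated."""
    stage = 0
    for call in calls:
        token = "WM_CLOSE" if is_close_message(call) else call.api
        if stage < len(KILL_CHAIN) and token == KILL_CHAIN[stage]:
            stage += 1
    return stage == len(KILL_CHAIN)


if __name__ == "__main__":
    for listing in (KILL_LISTING, KEY_LISTING):
        calls = parse(listing)
        for call in calls:
            print(annotate(call))
        print("close-then-terminate chain:", find_window_kill(calls))
```

Only the leading argument slots of each call are real parameters, so the decoder is keyed by (API, slot) rather than by value alone; the same 0x10 means WM_CLOSE in a message slot and VK_SHIFT in a MapVirtualKeyW slot.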
APIs
• GetClientRect.USER32(?), ref: 00B47452
• SendMessageW.USER32(?,00001328,00000000,?), ref: 00B47469
• GetWindowDC.USER32(?), ref: 00B47475
• GetPixel.GDI32(00000000,?,?), ref: 00B47484
• ReleaseDC.USER32(?,00000000), ref: 00B47496
• GetSysColor.USER32(00000005), ref: 00B474B0
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClientColorMessagePixelRectReleaseSendWindow
• String ID:
• API String ID: 272304278-0
• Opcode ID: bb860d815f871da57233c9b389d75ba2d466577206010e974155f86e69312075
• Instruction ID: 610e3e892977905e479aac363df0d1f902cd27b0d997e584970e3da3e495c4da
• Opcode Fuzzy Hash: bb860d815f871da57233c9b389d75ba2d466577206010e974155f86e69312075
• Instruction Fuzzy Hash: BF012471400215EFEB519FA4EC09BAA7FB6FB04321F6145A4F926A32B1CF311E51EB60
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B5187F
• UnloadUserProfile.USERENV(?,?), ref: 00B5188B
• CloseHandle.KERNEL32(?), ref: 00B51894
• CloseHandle.KERNEL32(?), ref: 00B5189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 00B518A5
• HeapFree.KERNEL32(00000000), ref: 00B518AC
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 90d0337fa7b2232d13ceb27c9256aa200e3d09f6c171f1e26c9b78606a578e3e
• Instruction ID: 5eb44693af8d6c71866a825734d3887bc32976952b66d1f89f4df08b4fbbe638
• Opcode Fuzzy Hash: 90d0337fa7b2232d13ceb27c9256aa200e3d09f6c171f1e26c9b78606a578e3e
• Instruction Fuzzy Hash: 5DE0E5B6004101FBDB016FA1ED0CD0ABF39FF49B22B108220F22592474CF329421EF60
APIs
  • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B5C6EE
• _wcslen.LIBCMT ref: 00B5C735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B5C79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00B5C7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: bdcff6146019163b6365febaeb1fd2ddcf81cac68702136c1529109ef2bcf92f
• Instruction ID: b08d77f7a0d48932db1b8a26ef4fd8934f3e89657eace2c54ba662f2fbc93493
• Opcode Fuzzy Hash: bdcff6146019163b6365febaeb1fd2ddcf81cac68702136c1529109ef2bcf92f
• Instruction Fuzzy Hash: 6B51CC716043019FD7219F28C885B6ABBE9EB89311F040AEDFD95E35A1DB70DD08CB92
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 00B7AEA3
  • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
• GetProcessId.KERNEL32(00000000), ref: 00B7AF38
• CloseHandle.KERNEL32(00000000), ref: 00B7AF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: <$@
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 146682121-1426351568
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 05f889e35ad29905a13d4b13e8f6b3c17071e9bc34ea6b7b525faaec8d8fcbf7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 03e3a7398cf660a70e4d56f67be8bbd49b5bbd8fa8fa5793fa043f919b18ed83
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 05f889e35ad29905a13d4b13e8f6b3c17071e9bc34ea6b7b525faaec8d8fcbf7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 25716D71A00619DFCB14DF94C584AAEBBF0FF48314F148499E86AAB3A2C774ED45CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00B57206
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00B5723C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00B5724D
                                                                                                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00B572CF
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e02f37f5a6451f6adb1f1e2e897b97cfe48e337ebb5b64958fa0aac74d21e28c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d24bee20a601184a60e1a5076a6d5d23c0133a152834f8179b7407f3053533ea
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e02f37f5a6451f6adb1f1e2e897b97cfe48e337ebb5b64958fa0aac74d21e28c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97419DB1644204AFDB15CF54D884B9A7BE9EF45311F1080E9BD099F20ADBB1D949CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B83E35
                                                                                                                                                                                                                                                                                                                                                                                • IsMenu.USER32(?), ref: 00B83E4A
                                                                                                                                                                                                                                                                                                                                                                                • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B83E92
                                                                                                                                                                                                                                                                                                                                                                                • DrawMenuBar.USER32 ref: 00B83EA5
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$Item$DrawInfoInsert
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3076010158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 58f764e6427d08f116f2927cc1ae33de1e5e78a9d0e21cbad520501745a9159f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 01d72a3cf105600870305a4641dc51d3667c2806282a2811341c488c7b1b70dc
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 58f764e6427d08f116f2927cc1ae33de1e5e78a9d0e21cbad520501745a9159f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BF4156B5A00209EFDB10EF54D884EEABBF9FF59B51F0440A9E905A7260D730AE41CB60
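Added example, not part of the Joe Sandbox report: a small Python parser for the per-function entries in this listing, so that the "APIs" and "Similarity" blocks can be searched instead of read. The sample input is constructed from entries on this page (trimmed to the fields the parser uses), the entry boundaries are assumed to be the "APIs" headers, and the LB_* names come from winuser.h. It decodes the hex Msg argument of the SendMessageW calls (0x188, 0x189, 0x18A are the listbox messages LB_GETCURSEL, LB_GETTEXT and LB_GETTEXTLEN) and finds entries by the APIs they call directly, leaving "Part of subcall function" lines out of the direct set.

```python
"""Parse Joe Sandbox IDA-plugin function entries and triage them by API use."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: three entries in the layout used on this page
# (hashes and Memory Dump Source lines omitted to keep the sample short).
SAMPLE = """\
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 00B7AEA3
  • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
• GetProcessId.KERNEL32(00000000), ref: 00B7AF38
• CloseHandle.KERNEL32(00000000), ref: 00B7AF67
Strings
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• Opcode ID: 05f889e35ad29905a13d4b13e8f6b3c17071e9bc34ea6b7b525faaec8d8fcbf7
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?), ref: 00B57206
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00B5724D
• SetErrorMode.KERNEL32(00000000,?,?), ref: 00B572CF
Strings
Similarity
• String ID: DllGetClassObject
• Opcode ID: e02f37f5a6451f6adb1f1e2e897b97cfe48e337ebb5b64958fa0aac74d21e28c
APIs
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00B51E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00B51E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00B51EA9
Strings
"""

# One "• Name.MODULE(args), ref: ADDR" line, with or without the subcall prefix
# and with or without an argument list (e.g. "DrawMenuBar.USER32 ref: ...").
API_LINE = re.compile(
    r"•\s+(?:Part of subcall function (?P<sub>[0-9A-F]+):\s+)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]+)"
)
KV_LINE = re.compile(r"•\s+(?P<key>[^:]+):\s*(?P<value>.*)")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Listbox window messages (winuser.h) seen as SendMessageW's second argument.
LB_MESSAGES = {0x188: "LB_GETCURSEL", 0x189: "LB_GETTEXT", 0x18A: "LB_GETTEXTLEN"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None  # address of the callee when the call is indirect


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    similarity: Dict[str, str] = field(default_factory=dict)

    @property
    def opcode_id(self) -> Optional[str]:
        return self.similarity.get("Opcode ID")

    def api_names(self, direct_only: bool = True) -> List[str]:
        return [c.name for c in self.calls if not (direct_only and c.subcall_of)]


def parse_listing(text: str) -> List[FunctionEntry]:
    """Split a listing into entries; every 'APIs' header starts a new one."""
    entries: List[FunctionEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            if line == "APIs":
                entries.append(FunctionEntry())
            section = line
            continue
        if not entries or not line:
            continue
        if section == "APIs" and (m := API_LINE.match(line)):
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            entries[-1].calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
        elif section == "Similarity" and (m := KV_LINE.match(line)):
            entries[-1].similarity[m["key"].strip()] = m["value"].strip()
    return entries


def entries_calling(entries: List[FunctionEntry], *names: str) -> List[FunctionEntry]:
    """Entries whose direct API calls include every name given."""
    return [e for e in entries if set(names) <= set(e.api_names())]


def decode_sendmessage(entry: FunctionEntry) -> List[str]:
    """Resolve the Msg argument of each SendMessageW call to its LB_* name."""
    out = []
    for c in entry.calls:
        if c.name == "SendMessageW" and len(c.args) >= 2:
            msg = int(c.args[1], 16)
            out.append(LB_MESSAGES.get(msg, f"0x{msg:X}"))
    return out


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for e in entries_calling(parsed, "ShellExecuteExW"):
        print("process launch at", [c.ref for c in e.calls if c.name == "ShellExecuteExW"])
    print(decode_sendmessage(parsed[2]))
```

Run against the full report text, `entries_calling(parsed, "GetProcAddress", "CoCreateInstance")` picks out the COM-loading function above without scrolling the listing, and the Opcode ID of each match is what you would carry into the Similarity lookup.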
APIs
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
  • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00B51E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00B51E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00B51EA9
  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen$ClassName
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2081771294-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a1aa4766d145998bb468b70c966ca92340d412d2b75d2e713606fd4008ec0d0c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 83b11c21d984b0b306776104c069ae81d6cf642c1e9b3017e623f7dab79864ad
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1aa4766d145998bb468b70c966ca92340d412d2b75d2e713606fd4008ec0d0c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D0212671A00108AEDB14ABA4CD86FFFBBF9DF45350B1045A9FC25A31E0DB34490EC620
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B82F8D
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(?), ref: 00B82F94
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B82FA9
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(?), ref: 00B82FB1
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysAnimate32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 9648ab72ba3ef002d794519cd68b5662a09539cf4cac80c9f145a2274e93a126
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a2bee3d5e5647f37a421a8e9b015ab109f019f96ad8f5ef8893e76ff4a356f92
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9648ab72ba3ef002d794519cd68b5662a09539cf4cac80c9f145a2274e93a126
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3215871204209ABEB106FA49C84EBB77F9EF59364F104668FA50971A0DA71DC51D760
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B14D1E,00B228E9,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002), ref: 00B14D8D
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B14DA0
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,?,00B14D1E,00B228E9,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002,00000000), ref: 00B14DC3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 864c30660128b20c44e89b3ec3c0a6b9d291136ca98447c6afacb2c88317b0b1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: e274d44d4f318d2c9bf7e0176339e95ad55e5a6c5db22bcb6b16f74a21ed004c
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 864c30660128b20c44e89b3ec3c0a6b9d291136ca98447c6afacb2c88317b0b1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CF03C75A50208ABDB11AB90EC49BEEBFE5EF44752F4001A8B909A2260CF745D84CBA1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E9C
                                                                                                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AF4EAE
                                                                                                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4EC0
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 145871493-3689287502
• Opcode ID: 18073e3fcfebbbb29f88a9e3900fc6bd245a5c44f86e0d6a432c457ed24dee7a
• Instruction ID: a9ae591659542f8c4610e34e87372fc0d9ecc97d5020afbef72a1885a9c3c862
• Opcode Fuzzy Hash: 18073e3fcfebbbb29f88a9e3900fc6bd245a5c44f86e0d6a432c457ed24dee7a
• Instruction Fuzzy Hash: F1E08675A055225B93322B65BC5CBBF6994AF85F627050115FE04E3220DF74CD05C2B0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E62
• GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AF4E74
• FreeLibrary.KERNEL32(00000000,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E87
Strings
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: 595a1f2d8a7f810825798274fcb3ed6c77ce27c808521131777eb9fd29d736fb
• Instruction ID: 1d3acc90bef30f2bc5fb1c315581cebb55285a01a6a4ac710f2f4110215db910
• Opcode Fuzzy Hash: 595a1f2d8a7f810825798274fcb3ed6c77ce27c808521131777eb9fd29d736fb
• Instruction Fuzzy Hash: 23D0C231502A215747322B24BC1CEEB2E58AF89F113050210FA04B3130CF70CD05C3F0
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B62C05
• DeleteFileW.KERNEL32(?), ref: 00B62C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00B62C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B62CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B62CC0
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: d8f25aaf6c56ef0031dc95bbb095ffb18acad0812ecf8d9478d7d9b319b23ef1
• Instruction ID: 3f146337db4aefa95e1bbfd11fe2d69e4a6db04b23181eac968a90e8b1f58b91
• Opcode Fuzzy Hash: d8f25aaf6c56ef0031dc95bbb095ffb18acad0812ecf8d9478d7d9b319b23ef1
• Instruction Fuzzy Hash: 14B14D72D0051DABDF21DFA4CD85EEEBBBDEF48350F1040A6F609E6151EA349A848F61
APIs
• GetCurrentProcessId.KERNEL32 ref: 00B7A427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B7A435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B7A468
• CloseHandle.KERNEL32(?), ref: 00B7A63D
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: c7e91887469bbabd8d4e25ea5637f01b911fb4f166bd58c875d1ddd4400dc996
• Instruction ID: 88c3fde17cc74649e2f9249c22a6a38f01322f360f58130e6e754a663aaf3038
• Opcode Fuzzy Hash: c7e91887469bbabd8d4e25ea5637f01b911fb4f166bd58c875d1ddd4400dc996
• Instruction Fuzzy Hash: AAA17D716043019FD720DF24C986B2AB7E5AF84714F14885DFA6A9B3D2DBB0ED41CB92
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B93700), ref: 00B2BB91
                                                                                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00BC121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B2BC09
                                                                                                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00BC1270,000000FF,?,0000003F,00000000,?), ref: 00B2BC36
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2BB7F
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                                                                                                                                                                                                                                                                                                                                • _free.LIBCMT ref: 00B2BD4B
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1286116820-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1487f6443fce92250b1e45804aa2fcef002240f667cf482f43429f38d641ef3f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c51a8a928aaa801517960c9f9d1430da497fc4f3f64af6199152d80bc7b490e3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1487f6443fce92250b1e45804aa2fcef002240f667cf482f43429f38d641ef3f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4151F971900229AFCB14EF69AC81DAEB7FCEF45350B1046EAE558E71A1EF309D41CB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B5CF22,?), ref: 00B5DDFD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B5CF22,?), ref: 00B5DE16
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5E199: GetFileAttributesW.KERNEL32(?,00B5CF95), ref: 00B5E19A
                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,?), ref: 00B5E473
                                                                                                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 00B5E4AC
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B5E5EB
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B5E603
                                                                                                                                                                                                                                                                                                                                                                                • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00B5E650
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: dab5757c2a5d8ca04c9f9bfd603220b5eb31821809990cfdebf12e07d31d4499
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 978772cd1cc6f0dd07ef5d23ead01f31252226fab912fd22d413080491a489f1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dab5757c2a5d8ca04c9f9bfd603220b5eb31821809990cfdebf12e07d31d4499
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 025151B24083455BC728DB90D881ADFB3ECAF84341F40499EFA99D3191EF74E68C8766
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B7B6AE,?,?), ref: 00B7C9B5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7C9F1
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA68
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA9E
                                                                                                                                                                                                                                                                                                                                                                                • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7BAA5
                                                                                                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B7BB00
                                                                                                                                                                                                                                                                                                                                                                                • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B7BB63
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?), ref: 00B7BBA6
                                                                                                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00B7BBB3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 826366716-0
• Opcode ID: cd3fe9a2c048eef5cedd3061bc38fcf2a846714ce2488787e7f09bbb045c64ff
• Instruction ID: 4e9fe26d73fbbea724d99029250561ab1998227546a2bb032b1a76972ca41627
• Opcode Fuzzy Hash: cd3fe9a2c048eef5cedd3061bc38fcf2a846714ce2488787e7f09bbb045c64ff
• Instruction Fuzzy Hash: F6618A71208205AFC314DF54C490F2ABBE5FF84348F1485ACF4A98B2A2DB31ED45CB92
APIs
• VariantInit.OLEAUT32(?), ref: 00B58BCD
• VariantClear.OLEAUT32 ref: 00B58C3E
• VariantClear.OLEAUT32 ref: 00B58C9D
• VariantClear.OLEAUT32(?), ref: 00B58D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00B58D3B
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: e141f89c0c254ec18f6d89e50b609596462e1e98a6c273aa74fc4df9be80add8
• Instruction ID: 70da201ee37d9d7f1d5056012d5c3db6a4e43cec70bb9e6f73560dc78fa295ed
• Opcode Fuzzy Hash: e141f89c0c254ec18f6d89e50b609596462e1e98a6c273aa74fc4df9be80add8
• Instruction Fuzzy Hash: 5A515CB5A00219EFCB14CF58D894AAAB7F5FF89310B1585A9ED05EB350E730E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00B68BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00B68BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00B68C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00B68C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00B68C5F
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: be4dc144f77fd0935844af3fecee805913693eb27cf303a5c03c07304b444f7a
• Instruction ID: 8285e9014c90119b705bc50286d7b02655ce46bb5391bf4b8b74c882cf562db9
• Opcode Fuzzy Hash: be4dc144f77fd0935844af3fecee805913693eb27cf303a5c03c07304b444f7a
• Instruction Fuzzy Hash: 60513B35A002199FCB11DF65C980A6DBBF5FF48314F088498E94AAB3A2CB35ED45CB90
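The per-function "APIs" listings in this report are the raw material behind signatures such as "Contains functionality to dynamically determine API calls" (the LoadLibraryW / GetProcAddress / FreeLibrary chain listed for the function at 00B78F40 below) and the INI and COM VARIANT handling shown in the two records above. The parser below is an added example, not part of the Joe Sandbox report or its IDA plugin: it reads listings in the plugin's own line format, groups API references per function, and tags API combinations a triager cares about. The tag names and the rule table are this example's own choice, not Joe Sandbox terminology; the embedded sample text is copied from the three function records on this page.

```python
"""Parse Joe Sandbox IDA-plugin 'APIs' listings into per-function records and tag
the API chains worth a second look during triage.

Added example, not code from Joe Sandbox. The rule table and tag names are this
example's own; SAMPLE is copied from three function records in this report.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# One API reference as printed by the plugin, in the three shapes seen on this page:
#   • VariantInit.OLEAUT32(?), ref: 00B58BCD
#   • VariantClear.OLEAUT32 ref: 00B58C3E                       (no argument list)
#   • Part of subcall function 00B0F6C9: WideCharToMultiByte.KERNEL32(...), ref: 00B0F6E6
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
OPCODE_RE = re.compile(r"^\s*•\s*Opcode ID:\s*(?P<id>[0-9a-f]+)\s*$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                      # call-site address inside the dumped image
    subcall: Optional[str] = None  # address of the callee when the plugin attributes the API to a subcall


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    opcode_id: Optional[str] = None
    tags: Set[str] = field(default_factory=set)


# Tag -> predicate over the set of API names called directly by one function.
# "dynamic-api-resolution" needs both halves of the chain: a loader plus GetProcAddress.
RULES = {
    "dynamic-api-resolution": lambda n: bool({"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW", "LoadLibraryExA"} & n)
    and "GetProcAddress" in n,
    "ini-read": lambda n: any(x.startswith("GetPrivateProfile") for x in n),
    "ini-write": lambda n: any(x.startswith("WritePrivateProfile") for x in n),
    "com-variant": lambda n: any(x.startswith("Variant") for x in n),
}


def parse_records(text: str) -> List[FunctionRecord]:
    """Split listing text at each 'APIs' header and collect that function's API references."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            current.apis.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
            continue
        m = OPCODE_RE.match(line)
        if m:
            current.opcode_id = m["id"]
    for rec in records:
        # Only direct calls count towards a tag; subcall attributions belong to the callee.
        direct = {a.name for a in rec.apis if a.subcall is None}
        rec.tags = {tag for tag, pred in RULES.items() if pred(direct)}
    return records


# Constructed sample: the three complete function records shown in this section of the report.
SAMPLE = """\
APIs
• VariantInit.OLEAUT32(?), ref: 00B58BCD
• VariantClear.OLEAUT32 ref: 00B58C3E
• VariantClear.OLEAUT32 ref: 00B58C9D
• VariantClear.OLEAUT32(?), ref: 00B58D10
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00B58D3B
Memory Dump Source
• Opcode ID: e141f89c0c254ec18f6d89e50b609596462e1e98a6c273aa74fc4df9be80add8
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00B68BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00B68BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00B68C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00B68C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00B68C5F
Memory Dump Source
• Opcode ID: be4dc144f77fd0935844af3fecee805913693eb27cf303a5c03c07304b444f7a
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B78F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00B78FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00B78FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00B79032
• FreeLibrary.KERNEL32(00000000), ref: 00B79052
  • Part of subcall function 00B0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00B61043,?,7529E610), ref: 00B0F6E6
  • Part of subcall function 00B0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00B4FA64,00000000,00000000,?,?,00B61043,?,7529E610,?,00B4FA64), ref: 00B0F70D
Memory Dump Source
• Opcode ID: 8e2a19fc15d4712c85a26b755df4e9e602a7407aed5d846c909022c1b98344d3
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        first = rec.apis[0].ref if rec.apis else "?"
        print(f"{(rec.opcode_id or '')[:12]}  first ref {first}  {sorted(rec.tags)}")
```

One caveat when reading these tags on this particular sample: the report's "Binary is likely a compiled AutoIt script file" signature means the listed functions are the AutoIt interpreter's runtime, whose DllCall, IniRead/IniWrite and COM support produce exactly the LoadLibrary/GetProcAddress, GetPrivateProfile/WritePrivateProfile and Variant* chains tagged here. A tag therefore says the capability exists in the executable; whether the embedded script actually uses it has to come from the dynamic-behaviour sections of the report, not from this static listing.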
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B78F40
• GetProcAddress.KERNEL32(00000000,?), ref: 00B78FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00B78FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 00B79032
• FreeLibrary.KERNEL32(00000000), ref: 00B79052
  • Part of subcall function 00B0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00B61043,?,7529E610), ref: 00B0F6E6
  • Part of subcall function 00B0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00B4FA64,00000000,00000000,?,?,00B61043,?,7529E610,?,00B4FA64), ref: 00B0F70D
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 8e2a19fc15d4712c85a26b755df4e9e602a7407aed5d846c909022c1b98344d3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c37bfb41771aa2849232cd1fb38eb30ab9745bed0b8441c8181dcc1f95c89aa2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e2a19fc15d4712c85a26b755df4e9e602a7407aed5d846c909022c1b98344d3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 48512835604209DFCB15EF58C4949ADBBF1FF49314B0480A9E91AAB362DB31ED86CB91
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00B86C33
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,?), ref: 00B86C4A
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00B86C73
                                                                                                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00B6AB79,00000000,00000000), ref: 00B86C98
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00B86CC7
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long$MessageSendShow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3688381893-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 42aeef7024fc04daff9ed93f3b7a400d15321233a7d3c6516ca846412508ece1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 85e298e15235e958e5b6d46d87f843e1da6bd216fbf6c95b22337b9aad880e31
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42aeef7024fc04daff9ed93f3b7a400d15321233a7d3c6516ca846412508ece1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AD41BE75A04104AFDB24EF28CD99FA97FE5EB09360F1402A8F899A72F0D771AD41CB50
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1553c09ae8c6e54ba0ea1a10cc66a3797bb765810174247462795404a8d03ab1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a47c5fa59ac5aa76a18aab2140d822b662c4e05cff6de21c5284af19fe28e5e0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1553c09ae8c6e54ba0ea1a10cc66a3797bb765810174247462795404a8d03ab1
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A41D532A00210AFDB24DF78D881A5EB7F5EF89314F5545A8E519EB391DB31ED01CB80
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00B09141
                                                                                                                                                                                                                                                                                                                                                                                • ScreenToClient.USER32(00000000,?), ref: 00B0915E
                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000001), ref: 00B09183
                                                                                                                                                                                                                                                                                                                                                                                • GetAsyncKeyState.USER32(00000002), ref: 00B0919D
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 13fd4047c3227d93b408d518a8fcdcd3672379813319d24665e622248f6db9f5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8e403ac08533dff8752a31a8190f5122ae5ef2f241bce311044de0b83195085a
• Opcode Fuzzy Hash: 13fd4047c3227d93b408d518a8fcdcd3672379813319d24665e622248f6db9f5
• Instruction Fuzzy Hash: 3E413D71A0861ABBDF159F64C844BEEBBB4FF05320F208295E425B72E1CB346A50DB91
APIs
• GetInputState.USER32 ref: 00B638CB
• TranslateAcceleratorW.USER32(?,00000000,?), ref: 00B63922
• TranslateMessage.USER32(?), ref: 00B6394B
• DispatchMessageW.USER32(?), ref: 00B63955
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B63966
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Message$Translate$AcceleratorDispatchInputPeekState
• String ID:
• API String ID: 2256411358-0
• Opcode ID: 30acf4c3cff2917906a473495127980a75223ca98d2c44a751bfafa3bb7b63bb
• Instruction ID: 4fad07c3be97f88221946d586120b5125552c2e3c7cccc35a824e57f5ac95d39
• Opcode Fuzzy Hash: 30acf4c3cff2917906a473495127980a75223ca98d2c44a751bfafa3bb7b63bb
• Instruction Fuzzy Hash: 013186705043429EEB25CB349849FB63BE8EB16704F1409A9E463931E1EBB89A85CF21
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,00B6C21E,00000000), ref: 00B6CF38
• InternetReadFile.WININET(?,00000000,?,?), ref: 00B6CF6F
• GetLastError.KERNEL32(?,00000000,?,?,?,00B6C21E,00000000), ref: 00B6CFB4
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00B6C21E,00000000), ref: 00B6CFC8
• SetEvent.KERNEL32(?,?,00000000,?,?,?,00B6C21E,00000000), ref: 00B6CFF2
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 0e2231278f36b32d050807d59905e7f1e94bc7b32c0cf27712b24da1588f46e7
• Instruction ID: e7b70123dab3796b0b05cfbd96daa85d05e5a78122b3d34202a753c8770b69d2
• Opcode Fuzzy Hash: 0e2231278f36b32d050807d59905e7f1e94bc7b32c0cf27712b24da1588f46e7
• Instruction Fuzzy Hash: 11314CB1600206EFDB20DFA5D8849BBBFF9EB14350B1044AEF556D3151DB34AE49DB60
APIs
• GetWindowRect.USER32(?,?), ref: 00B51915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 00B519C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 00B519C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 00B519DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 00B519E2
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: f861d7d5631a70b0a727fb6c1040a8595b4a84c424e1e270c1fa2adfdbe2c532
• Instruction ID: 69f90aea8137e44ef87efabccdaf4cdef518ff228da5308ca73d5b33dbd7daeb
• Opcode Fuzzy Hash: f861d7d5631a70b0a727fb6c1040a8595b4a84c424e1e270c1fa2adfdbe2c532
• Instruction Fuzzy Hash: 2A31AF71900219EFCB00CFACC999BDE7BB5EB44315F1046A9FE21A72D1C7709949CBA0
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B85745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 00B8579D
• _wcslen.LIBCMT ref: 00B857AF
• _wcslen.LIBCMT ref: 00B857BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00B85816
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 763830540-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: cffc8c315506615612f43dde74544aaa3f77b4e42f88d5f0dbc95e57133e220f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7f03d8eda2cf45a04d1221bf14bf4033724d7ce7a9bf0e577efd337caaa26df3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cffc8c315506615612f43dde74544aaa3f77b4e42f88d5f0dbc95e57133e220f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CD2185759046189ADF30AF64CC85AEDBBF8FF04724F108296E929EB1E4D7709985CF50
APIs
• IsWindow.USER32(00000000), ref: 00B70951
• GetForegroundWindow.USER32 ref: 00B70968
• GetDC.USER32(00000000), ref: 00B709A4
• GetPixel.GDI32(00000000,?,00000003), ref: 00B709B0
• ReleaseDC.USER32(00000000,00000003), ref: 00B709E8
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: 408d3816d2bc33e338c5bbc00a80b4eae17d44acb28c26412fc1f5d91f02a23e
• Instruction ID: 457867886700df875864493a16a7623a1b29aa534f23f99d33e0fb6272872b95
• Opcode Fuzzy Hash: 408d3816d2bc33e338c5bbc00a80b4eae17d44acb28c26412fc1f5d91f02a23e
• Instruction Fuzzy Hash: 1A218175600204EFD704EF69D984AAEBBF5EF44700F048469F95A97362DB34EC04CB60
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00B2CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B2CDE9
  • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B2CE0F
• _free.LIBCMT ref: 00B2CE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B2CE31
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
• Opcode ID: 558a4c27f1e5255c26c73df7a9817385ded980da7d75cc8d7d2cd50f4d8b7c37
• Instruction ID: 5e1fc84d871c7bfa5bae75d3be64033e262655789fe4a88aae436466f989465b
• Opcode Fuzzy Hash: 558a4c27f1e5255c26c73df7a9817385ded980da7d75cc8d7d2cd50f4d8b7c37
• Instruction Fuzzy Hash: 2A01D8B26012357F23212A767C8CC7F6DEDDEC6BA13160169F90DD7200DE719D0282B1
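A parser for the function-block listing above, added here as a worked example; it is not part of the Joe Sandbox report or its tooling. The block layout (an "APIs" bullet list with `ref:` addresses, then "Memory Dump Source", "Joe Sandbox IDA Plugin" and "Similarity" key/value bullets) is inferred from the visible lines, the sample text is constructed from those lines, and the chain labels are the author's assumptions: reading the GetForegroundWindow / GetDC / GetPixel / ReleaseDC sequence as an AutoIt PixelGetColor-style screen probe is a hypothesis, not a classification the report itself makes for this function.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of the report's function blocks above.
# Bullets, argument lists and ref: addresses are copied from the visible
# lines; the "Download File" widget text and most Associated lines are omitted.
SAMPLE_REPORT = """\
APIs
• IsWindow.USER32(00000000), ref: 00B70951
• GetForegroundWindow.USER32 ref: 00B70968
• GetDC.USER32(00000000), ref: 00B709A4
• GetPixel.GDI32(00000000,?,00000003), ref: 00B709B0
• ReleaseDC.USER32(00000000,00000003), ref: 00B709E8
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 00B2CDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B2CDE9
  • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444), ref: 00B23852
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B2CE31
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
"""

# One API bullet: optional "Part of subcall function XXXX:" prefix, then
# Name.MODULE, optional "(args)", optional comma, then "ref: <hex address>".
API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
# Any other "• Key: value" bullet (Source File, API ID, API String ID, ...).
KV_LINE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
SECTION_HEADERS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int          # code address from "ref:", parsed as hex
    subcall: bool     # True when the report lists it under a called subfunction


@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)
    meta: Dict[str, str] = field(default_factory=dict)


def parse_blocks(text: str) -> List[FunctionBlock]:
    """Split the listing into one FunctionBlock per "APIs" header."""
    blocks: List[FunctionBlock] = []
    cur: Optional[FunctionBlock] = None
    section: Optional[str] = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            cur = FunctionBlock()
            blocks.append(cur)
            section = "apis"
            continue
        if stripped in SECTION_HEADERS:
            section = stripped
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if section == "apis" and m:
            raw = m.group("args")
            args = [a.strip() for a in raw.split(",")] if raw else []
            cur.calls.append(ApiCall(m.group("name"), m.group("module"), args,
                                     int(m.group("ref"), 16), bool(m.group("sub"))))
            continue
        kv = KV_LINE.match(line)
        if kv:
            cur.meta[kv.group("key").strip()] = kv.group("val").strip()
    return blocks


# Ordered API chains worth a second look, with hypothetical labels (assumption:
# these are the author's heuristics, not verdicts taken from the report).
CHAINS: List[Tuple[Tuple[str, ...], str]] = [
    (("GetForegroundWindow", "GetDC", "GetPixel", "ReleaseDC"),
     "pixel probe of foreground window (AutoIt PixelGetColor-style; possible user-presence check)"),
    (("GetEnvironmentStringsW", "WideCharToMultiByte", "FreeEnvironmentStringsW"),
     "CRT environment-block initialisation (benign runtime code)"),
]


def is_subsequence(needle: Tuple[str, ...], hay: List[str]) -> bool:
    """True when every name in needle appears in hay in the same order."""
    it = iter(hay)
    return all(any(n == h for h in it) for n in needle)


def flag_chains(block: FunctionBlock) -> List[str]:
    """Labels of every CHAINS entry found among the block's direct calls."""
    names = [c.name for c in block.calls if not c.subcall]
    return [label for chain, label in CHAINS if is_subsequence(chain, names)]


def summarize(text: str) -> List[Tuple[str, List[str]]]:
    """(API String ID, matched chain labels) for each function block."""
    return [(b.meta.get("API String ID", ""), flag_chains(b)) for b in parse_blocks(text)]


if __name__ == "__main__":
    for api_string_id, labels in summarize(SAMPLE_REPORT):
        print(api_string_id, labels or "-")
```

The "API String ID" is kept as the join key because it is the identifier the report reuses across blocks; the chain table is where a reviewer would add the sequences from the report's own "Found API chain indicative of sandbox detection" signature once they have confirmed which function it refers to.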
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B09693
• SelectObject.GDI32(?,00000000), ref: 00B096A2
• BeginPath.GDI32(?), ref: 00B096B9
• SelectObject.GDI32(?,00000000), ref: 00B096E2
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3225163088-0
APIs
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
APIs
• GetSysColor.USER32(00000008), ref: 00B098CC
• SetTextColor.GDI32(?,?), ref: 00B098D6
• SetBkMode.GDI32(?,00000001), ref: 00B098E9
• GetStockObject.GDI32(00000005), ref: 00B098F1
• GetWindowLongW.USER32(?,000000EB), ref: 00B09952
Similarity
• API ID: Color$LongModeObjectStockTextWindow
• String ID:
• API String ID: 1860813098-0
APIs
• GetLastError.KERNEL32(?,?,?,00B1F2DE,00B23863,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6), ref: 00B22DFD
• _free.LIBCMT ref: 00B22E32
• _free.LIBCMT ref: 00B22E59
• SetLastError.KERNEL32(00000000,00AF1129), ref: 00B22E66
• SetLastError.KERNEL32(00000000,00AF1129), ref: 00B22E6F
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?,?,00B5035E), ref: 00B5002B
                                                                                                                                                                                                                                                                                                                                                                                • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50046
                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50054
                                                                                                                                                                                                                                                                                                                                                                                • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?), ref: 00B50064
                                                                                                                                                                                                                                                                                                                                                                                • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50070
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3897988419-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 06d068997933a256c304b16a84d4d9d5e8ea097ceee4b34befb7fd20a9863481
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: bcec51d6a655475844670258aace02d78353b49cfb7fb0d805c9c8d252e2b5e4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 06d068997933a256c304b16a84d4d9d5e8ea097ceee4b34befb7fd20a9863481
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B1018FB2610208BFDB115F68EC44BAA7EEDEB44752F1841A4FD05D3260DB71DD44CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00B5E997
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceFrequency.KERNEL32(?), ref: 00B5E9A5
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000), ref: 00B5E9AD
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 00B5E9B7
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32 ref: 00B5E9F3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2833360925-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1e3787bd8136b0a9503bd11096438073d10b8450cf144baf7c39a136129c48da
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 89a12f13e1a1003519744fe5f353cf1942d02ea1a7a7edf86b389993b99e2855
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e3787bd8136b0a9503bd11096438073d10b8450cf144baf7c39a136129c48da
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5015B71C01529DBCF44AFE4D8896DDBBB8FB09702F000586E922B2150DF309658C761
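The QueryPerformanceCounter / QueryPerformanceFrequency / Sleep / QueryPerformanceCounter chain in the function above is the shape of the execution-timing check the report's signatures flag: read a high-resolution counter, sleep, read it again, and compare the elapsed wall time against the requested sleep. A sandbox or debugger that hooks Sleep to fast-forward it, or single-steps through the call, produces an elapsed time that is shorter or otherwise inconsistent with the request. Below is an added example in C that implements that check; it is not code from the sample and not Joe Sandbox output. The 5 ms tolerance, the function names, and the POSIX fallback (CLOCK_MONOTONIC plus nanosleep, so it also builds on a Linux analysis box) are assumptions; the actual threshold and decision logic inside rpDOUhuBC5.exe are not visible in the listing.

```c
/* Added example: timing-based Sleep tamper check modelled on the
 * QPC -> QPF -> Sleep -> QPC API chain.  Not the sample's code; the
 * tolerance and helper names are assumptions for illustration. */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <time.h>
#endif

/* Pure decision logic, kept separate so it can be tested without a clock.
 * Returns 1 when the measured wall time is shorter than the requested sleep
 * by more than tolerance_ms (Sleep was shortened or hooked), or when the
 * counter values are nonsensical; returns 0 when the sleep looks genuine. */
int sleep_was_skipped(int64_t before, int64_t after, int64_t freq,
                      int64_t requested_ms, int64_t tolerance_ms)
{
    if (freq <= 0 || after < before)
        return 1;                      /* a clock that runs backwards is tampered */
    int64_t elapsed_ms = (after - before) * 1000 / freq;
    return elapsed_ms + tolerance_ms < requested_ms;
}

/* Platform wrappers: the real Win32 calls on Windows, CLOCK_MONOTONIC and
 * nanosleep elsewhere (assumed fallback so the example runs on Linux). */
static int64_t hires_now(int64_t *freq)
{
#ifdef _WIN32
    LARGE_INTEGER c, f;
    QueryPerformanceFrequency(&f);
    QueryPerformanceCounter(&c);
    *freq = (int64_t)f.QuadPart;
    return (int64_t)c.QuadPart;
#else
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    *freq = 1000000000LL;               /* counter ticks in nanoseconds */
    return (int64_t)ts.tv_sec * 1000000000LL + (int64_t)ts.tv_nsec;
#endif
}

static void sleep_ms(int64_t ms)
{
#ifdef _WIN32
    Sleep((DWORD)ms);
#else
    struct timespec ts;
    ts.tv_sec  = (time_t)(ms / 1000);
    ts.tv_nsec = (long)((ms % 1000) * 1000000L);
    nanosleep(&ts, NULL);
#endif
}

/* Performs the full check: counter, sleep, counter, compare.  Returns 1 if
 * the sleep appears to have been shortened (sandbox/debugger suspected). */
int run_timing_check(int64_t requested_ms)
{
    int64_t freq, before, after;
    before = hires_now(&freq);
    sleep_ms(requested_ms);
    after = hires_now(&freq);
    return sleep_was_skipped(before, after, freq, requested_ms, 5);
}

int main(void)
{
    printf("sleep shortened: %d\n", run_timing_check(50));
    return 0;
}
```

For analysts the practical consequence is the reverse of the malware's intent: when stepping over the second Sleep in a debugger, or when a sandbox patches Sleep to skip long delays, expect the branch after the comparison to take the "tampered" path; forcing the elapsed value (or patching the comparison) is the usual way to keep the sample on its normal path.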
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B51114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B5112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B5114D
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 8569ce3d3e8f6ecd4e51e68deb8580b8841866431ad256e12636cbdd269f8d5d
• Instruction ID: aca7e2de26eb855ab86f3d204033d4eba8b3f03d98483543d2a4f2ee3beb6329
• Opcode Fuzzy Hash: 8569ce3d3e8f6ecd4e51e68deb8580b8841866431ad256e12636cbdd269f8d5d
• Instruction Fuzzy Hash: 3201FBB9100605AFDB115BA9EC49A6A3FAEEF85361B214495FA45D7260DB31DC00DB70
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B50FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B50FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B50FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B50FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B51002
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 72f56f78bfbc2987e19cc62a231d6cf35062d9ea537704960ff8c5810ac4d523
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d9b7521cca3f1927c0922dfd196c0e21c8b2ae6cbe517d74edf3cde67d435242
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 72f56f78bfbc2987e19cc62a231d6cf35062d9ea537704960ff8c5810ac4d523
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A3F01975101311ABD7215BA8AC89F563FADEF89762F544854FA45972A1CA70D840CA60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B5102A
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B51036
                                                                                                                                                                                                                                                                                                                                                                                • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B51045
                                                                                                                                                                                                                                                                                                                                                                                • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B5104C
                                                                                                                                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B51062
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 55f507d10cc6a4d3a44c742631577cfac02e056798a78e929beca594d7485026
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6ac6d24a872f391d435f37d0be928dd35e83e93ebe99fde3d3e8927803b0f979
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 55f507d10cc6a4d3a44c742631577cfac02e056798a78e929beca594d7485026
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65F037B5200311EBDB215FA8EC89F563FADEF89662F240854FA459B2A0CE70D841CB70
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60324
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60331
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B6033E
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B6034B
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60358
                                                                                                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60365
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2925535dda82acd173d7ba17510eb8acd7ea43e7a3a2b4ad087669c83516898a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8751f1ebbcc2d86123489c4d4c040e98ed67659e3225cd57509e42a50680bd51
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2925535dda82acd173d7ba17510eb8acd7ea43e7a3a2b4ad087669c83516898a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9101D872810B118FCB30AF66D880803FBF9FF602063048A3ED19252A30C3B4A988CF84
                                                                                                                                                                                                                                                                                                                                                                                APIs
• _free.LIBCMT ref: 00B2D752
  • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
  • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
• _free.LIBCMT ref: 00B2D764
• _free.LIBCMT ref: 00B2D776
• _free.LIBCMT ref: 00B2D788
• _free.LIBCMT ref: 00B2D79A
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 3a70160bd2a63b8519cb659a744ff97aaeeb929c5a760bd8c7f42266129f2c31
• Instruction ID: ade518cd937a262c3764ce1012bdc224f08862b0ea9059856fac8276778a8a63
• Opcode Fuzzy Hash: 3a70160bd2a63b8519cb659a744ff97aaeeb929c5a760bd8c7f42266129f2c31
• Instruction Fuzzy Hash: CCF0FF32544624ABD621EB64F9C5C167BDDFB487107E40D95F04CD7611CB64FC808664
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00B55C58
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00B55C6F
• MessageBeep.USER32(00000000), ref: 00B55C87
• KillTimer.USER32(?,0000040A), ref: 00B55CA3
• EndDialog.USER32(?,00000001), ref: 00B55CBD
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 71f3ee1339518458e62f7bdec5e91de38c40c64931119e59f428e0a5f97844a3
• Instruction ID: 987689b84f25bf047debfd74f05fab22e6f845c19c4a083582e24f6db0a8606c
• Opcode Fuzzy Hash: 71f3ee1339518458e62f7bdec5e91de38c40c64931119e59f428e0a5f97844a3
• Instruction Fuzzy Hash: 34011770500704ABEB315B50DD5EFA57BB8FB04707F0415A9A552624E1DBF45948CB50
APIs
• _free.LIBCMT ref: 00B222BE
  • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
  • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
• _free.LIBCMT ref: 00B222D0
• _free.LIBCMT ref: 00B222E3
• _free.LIBCMT ref: 00B222F4
• _free.LIBCMT ref: 00B22305
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 7c7e4011b24923c2ad894ffb32ce7c094daf42bca8bd330a86f188e8ba100824
• Instruction ID: e318372da189d9542c564974c503953a255f244e6a8361f8d902afa25ac33065
• Opcode Fuzzy Hash: 7c7e4011b24923c2ad894ffb32ce7c094daf42bca8bd330a86f188e8ba100824
• Instruction Fuzzy Hash: 3FF017B5810131AB8612FF58BC01C583FA4FB2D7617410B9AF428E73B2CF750891AAA4
APIs
• EndPath.GDI32(?), ref: 00B095D4
• StrokeAndFillPath.GDI32(?,?,00B471F7,00000000,?,?,?), ref: 00B095F0
• SelectObject.GDI32(?,00000000), ref: 00B09603
• DeleteObject.GDI32 ref: 00B09616
• StrokePath.GDI32(?), ref: 00B09631
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2625713937-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: a622e822593ad2c9d2d8e98317dfb66ec8fd9ec544b65d4e046bc77237a256a7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 74b6c204942156bbd65f0d743ea1fd8bb1cac7b12b1bd5ddb5530e5fdb39bfd1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a622e822593ad2c9d2d8e98317dfb66ec8fd9ec544b65d4e046bc77237a256a7
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FEF03C30005704EBDB525F69ED5CB643FA1EB06362F048254F425670F2CFB189A2DF20
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: __freea$_free
                                                                                                                                                                                                                                                                                                                                                                                • String ID: a/p$am/pm
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3432400110-3206640213
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 720f46aa045b78a285b1c7ff98ec5c0a945f0391ee053bf426fe8237855da34d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 13936dfd7f9831d0e9a3581bea91f2c72d6961fb6ba3fe951aa223b1430bc3dc
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 720f46aa045b78a285b1c7ff98ec5c0a945f0391ee053bf426fe8237855da34d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ACD12631910225EACB24DF6CE885BFAB7F2FF25700F2409D9E509AB650D3359D80CBA5
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B10242: EnterCriticalSection.KERNEL32(00BC070C,00BC1884,?,?,00B0198B,00BC2518,?,?,?,00AF12F9,00000000), ref: 00B1024D
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B10242: LeaveCriticalSection.KERNEL32(00BC070C,?,00B0198B,00BC2518,?,?,?,00AF12F9,00000000), ref: 00B1028A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B100A3: __onexit.LIBCMT ref: 00B100A9
                                                                                                                                                                                                                                                                                                                                                                                • __Init_thread_footer.LIBCMT ref: 00B77BFB
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B101F8: EnterCriticalSection.KERNEL32(00BC070C,?,?,00B08747,00BC2514), ref: 00B10202
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B101F8: LeaveCriticalSection.KERNEL32(00BC070C,?,00B08747,00BC2514), ref: 00B10235
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 7418e3eeb276f9d27b47f3d979f634ab0c91f170633376ac9f5899664acec671
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: a1d6b9fd28c4d1ea98f11543acd4a766175bac38a10abd7bac1501dbc66a0114
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7418e3eeb276f9d27b47f3d979f634ab0c91f170633376ac9f5899664acec671
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15916BB1A44209AFCB14EF94D991DBDB7F1FF48300F108099F82A9B2A1DB71AE41CB51
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B521D0,?,?,00000034,00000800,?,00000034), ref: 00B5B42D
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B52760
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B521FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00B5B3F8
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00B5B355
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B52194,00000034,?,?,00001004,00000000,00000000), ref: 00B5B365
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B52194,00000034,?,?,00001004,00000000,00000000), ref: 00B5B37B
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B527CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B5281A
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 6025eaaec8ae7bb62bf98490ee5db5ccbce68d2427d95bf310ef9fffdf11024b
• Instruction ID: 6415ea25715f3c7d4cb95db4bf2d4984bb8aedd18376c666cdf112710f01cbcd
• Opcode Fuzzy Hash: 6025eaaec8ae7bb62bf98490ee5db5ccbce68d2427d95bf310ef9fffdf11024b
• Instruction Fuzzy Hash: 1A410872901218AEDB10DBA4CD85FEEBBB8EF09700F104099FA55B7191DB706E49CBA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\rpDOUhuBC5.exe,00000104), ref: 00B21769
• _free.LIBCMT ref: 00B21834
• _free.LIBCMT ref: 00B2183E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _free$FileModuleName
• String ID: C:\Users\user\Desktop\rpDOUhuBC5.exe
• API String ID: 2506810119-3242178200
• Opcode ID: 683c6707e229ba9fcfc8a94b0cc5d93ad40ede0de88f27ffd31af5f1d5a94219
• Instruction ID: bcc2625bdaa03808df1bf9d1ee023fa434051c2c604d7b4bb1a35a58ba103e34
• Opcode Fuzzy Hash: 683c6707e229ba9fcfc8a94b0cc5d93ad40ede0de88f27ffd31af5f1d5a94219
• Instruction Fuzzy Hash: F23154B5A00228ABDB21DF9DA885D9EBBFCEB95310B5445E6F408EB211D6708E40CB90
APIs
• GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00B5C306
• DeleteMenu.USER32(?,00000007,00000000), ref: 00B5C34C
• DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00BC1990,00FA5710), ref: 00B5C395
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: bbe4c6b2782ef56498b1165dfb29ff039d69e057ab8de6d89fd689e0bb44f3b7
• Instruction ID: 9155e87dc2ba42a716b9d5ce880ae0643cb4a1c01456f142453cf367ffac5e62
• Opcode Fuzzy Hash: bbe4c6b2782ef56498b1165dfb29ff039d69e057ab8de6d89fd689e0bb44f3b7
• Instruction Fuzzy Hash: B841DD312043059FDB20DF24D885B6ABFE5EF84321F108A9DFCA1972D2C770A908CB66
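The function records above are printed one per function, which is awkward to triage by hand once there are hundreds of them. The following is an added example, not Joe Sandbox's own code, that parses records in this shape into structured data; the sample text is constructed from the records on this page. It indexes API calls by name and call-site address, pulls out the string arguments the sandbox resolved (the sample path, the SysTreeView32 class name), and decodes the .sdmp dump file name. The interpretation of that name's fields as base address, PAGE_* protection and MEM_* type is an assumption inferred from the values (0x20/0x02/0x04 for the code, header and data regions, and 0x01000000 for an image mapping), not a documented format.

```python
"""Parse Joe Sandbox per-function records ('APIs' / 'Memory Dump Source' /
'Similarity' blocks) into structured data. Added example, not Joe Sandbox code.
The .sdmp field meanings below are an assumption inferred from the values."""
import re
from collections import defaultdict

# Constructed sample: three records in the shape the report prints.
SAMPLE_RECORDS = """\
APIs
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B527CD
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B5281A
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• Instruction Fuzzy Hash: 1A410872901218AEDB10DBA4CD85FEEBBB8EF09700F104099FA55B7191DB706E49CBA1
APIs
• GetModuleFileNameW.KERNEL32(00000000,C:\\Users\\user\\Desktop\\rpDOUhuBC5.exe,00000104), ref: 00B21769
• _free.LIBCMT ref: 00B21834
• _free.LIBCMT ref: 00B2183E
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Similarity
• API ID: _free$FileModuleName
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B8CC08,00000000,?,?,?,?), ref: 00B844AA
• GetWindowLongW.USER32 ref: 00B844C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B844D7
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
Similarity
• API ID: Window$Long
"""

SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}
# "Name.MODULE(args), ref: ADDR" or "Name.MODULE ref: ADDR" (no argument list)
API_RE = re.compile(r"^•\s*(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\),)?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$")
KV_RE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<value>.*)$")
HEX_ARG = re.compile(r"^[0-9A-Fa-f]{8}$")
# Assumption: field 4 of the sdmp name is a Win32 PAGE_* protection, field 6 a MEM_* type.
PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}


def parse_api_line(line):
    """Return {'api','module','args','ref'} for one API bullet, or None if it is not one."""
    m = API_RE.match(line)
    if not m:
        return None
    args = m.group("args")
    return {"api": m.group("api"), "module": m.group("module"),
            "args": args.split(",") if args is not None else [], "ref": m.group("ref").upper()}


def decode_dump_name(name):
    """Split an 8-field .sdmp name; base/protection/type decoding is the assumption noted above."""
    parts = name.removesuffix(".sdmp").split(".")
    if len(parts) != 8:
        raise ValueError(f"unexpected sdmp name: {name}")
    prot, mtype = int(parts[4], 16), int(parts[6], 16)
    return {"name": name, "base": int(parts[3], 16),
            "protection": PAGE_PROTECT.get(prot & 0xFF, hex(prot)),
            "type": MEM_TYPE.get(mtype, hex(mtype))}


def parse_records(text):
    """Each 'APIs' header starts a new function record; other headers switch section."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            current = {"apis": [], "dumps": [], "meta": {}}
            records.append(current)
            section = line
            continue
        if line in SECTIONS:
            section = line
            continue
        if current is None:
            continue
        if section == "APIs":
            call = parse_api_line(line)
            if call:
                current["apis"].append(call)
        elif (m := KV_RE.match(line)):
            if section == "Memory Dump Source":
                # Strip the page's "Download File" link residue, keep only the file name.
                name = m.group("value").replace("Download File", "").split(",")[0].strip()
                current["dumps"].append({"role": m.group("key"), **decode_dump_name(name)})
            else:
                current["meta"][m.group("key")] = m.group("value").strip()
    return records


def index_by_api(records):
    """API name -> list of call-site addresses across all records."""
    idx = defaultdict(list)
    for rec in records:
        for call in rec["apis"]:
            idx[call["api"]].append(call["ref"])
    return dict(idx)


def string_args(records):
    """(api, arg) pairs for arguments that are neither '?' nor an 8-digit hex value,
    i.e. the strings the sandbox resolved (paths, window class names)."""
    return [(c["api"], a) for r in records for c in r["apis"] for a in c["args"]
            if a != "?" and not HEX_ARG.match(a)]


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for api, refs in sorted(index_by_api(recs).items()):
        print(f"{api:<20} {', '.join(refs)}")
    for api, s in string_args(recs):
        print(f"string arg: {api} <- {s!r}")
    print(recs[0]["dumps"][0]["protection"], recs[0]["dumps"][1]["protection"])
```

Run against a whole report export, the `index_by_api` table answers "which functions call IsDebuggerPresent / CreateProcessAsUserW" directly from the record list, and `string_args` surfaces the resolved strings without reading every record.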
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B8CC08,00000000,?,?,?,?), ref: 00B844AA
• GetWindowLongW.USER32 ref: 00B844C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B844D7
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: bc007da63bb1b71708866bdd5aaf953dd6c9628caf9f168e3225349e7cee1cbf
• Instruction ID: 4fdf7d68f38aa5073c8bbd44975dc7f3a72a3e622f8439d97a2832d8adbc4858
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc007da63bb1b71708866bdd5aaf953dd6c9628caf9f168e3225349e7cee1cbf
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0319E71210206ABDB20AE78DC45BEA7BE9EB09324F244765F975A32E0DB70EC50D760
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B7335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00B73077,?,?), ref: 00B73378
                                                                                                                                                                                                                                                                                                                                                                                • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B7307A
                                                                                                                                                                                                                                                                                                                                                                                • _wcslen.LIBCMT ref: 00B7309B
                                                                                                                                                                                                                                                                                                                                                                                • htons.WSOCK32(00000000,?,?,00000000), ref: 00B73106
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 255.255.255.255
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 946324512-2422070025
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 78e7d94cb24b4adcbd4d30fe7d4ab75c232b33c8203d114730a1f79544fde939
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 547323cfc390f3483c67efa70c7d0a10485a84f2a00a3b4a2018fbab79761704
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 78e7d94cb24b4adcbd4d30fe7d4ab75c232b33c8203d114730a1f79544fde939
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9F31C1392002059FCB20DF68C585FAA77E0EF14718F64C0D9E9299B7A2DB72EE41D761
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B83F40
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B83F54
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B83F78
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$Window
                                                                                                                                                                                                                                                                                                                                                                                • String ID: SysMonthCal32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2326795674-1439706946
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 2a4693a2072c92f4b5ca5556b854091d2315da8b13b8aca3d75d89f71d8c858d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9d9bac7fa9ced031217230f7dfe8d05dd02067cfe9e40e3e76032e82ec4938d7
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a4693a2072c92f4b5ca5556b854091d2315da8b13b8aca3d75d89f71d8c858d
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7321BF32610219BBDF159F90CC46FEA3BB9EF48B14F110254FE156B1E0DAB1E950CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B84705
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B84713
                                                                                                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B8471A
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend$DestroyWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 8954d1d841da9374aaebe4c3ffec1f91e0525cd65cdae73f943d714d9c93b457
• Instruction ID: 3a8541451bb35ab8ddc6d3760e1f5efcd5fca437a06f4e31c690943914444d44
• Opcode Fuzzy Hash: 8954d1d841da9374aaebe4c3ffec1f91e0525cd65cdae73f943d714d9c93b457
• Instruction Fuzzy Hash: 71212CB5600209AFDB10EF68DC81DB637EDEB5A398B140499FA019B261DB71EC51CB60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 176396367-2734436370
• Opcode ID: fe2f676357eaff4141b786b30213de1fe22fbf5988a8ad0c30953e7165b6ca57
• Instruction ID: c0e02ab05a5e4d2a2e9c03d96f3b8650e4ae4577424084f329df8af0e47a5df4
• Opcode Fuzzy Hash: fe2f676357eaff4141b786b30213de1fe22fbf5988a8ad0c30953e7165b6ca57
• Instruction Fuzzy Hash: 08216532204211A6D731BB24EC02FBB73D8EFA1311F8040E6FD4997091EB60AD9DC391
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B83840
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B83850
• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B83876
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: 40ba0e09d0edf206ffbce24d884100665ff4eaa232d3b891e89459749519eea4
• Instruction ID: 8493e312bb7860d0a196ed594c4824d55ea565da933b98282b6791c0feb66d5b
• Opcode Fuzzy Hash: 40ba0e09d0edf206ffbce24d884100665ff4eaa232d3b891e89459749519eea4
• Instruction Fuzzy Hash: FB217F72610118BBEB11AF54CC85EBB37EAEF89F50F118164F9059B1A0DA71DC52C7A0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00B64A08
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00B64A5C
• SetErrorMode.KERNEL32(00000000,?,?,00B8CC08), ref: 00B64AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu
• API String ID: 2507767853-685833217
• Opcode ID: 4169085271b3baddb22a13ee4c008295763d8e24f68c2dcae40c3f1e45b83d0c
• Instruction ID: 1bfb3a7645464a05b771f40a250c7d037f7c726b220b01d9307e9f9f0eae1555
• Opcode Fuzzy Hash: 4169085271b3baddb22a13ee4c008295763d8e24f68c2dcae40c3f1e45b83d0c
• Instruction Fuzzy Hash: 38312175A00109AFDB10DF94C985EAA7BF8EF08308F1480A5F909DB262DB75ED46CB61
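The "APIs" lists in these function entries are the part of the report an analyst actually triages: the SetErrorMode(1) / GetVolumeInformationW / SetErrorMode(0) sequence above, together with the "%lu" format string, is a volume-serial read with critical-error dialogs suppressed, a routine host-fingerprint input, and the SendMessageW calls in the Listbox entry are ordinary control messages. The script below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses API lines in the report's own format, flags the volume-serial chain, and decodes message IDs, refusing to name WM_USER+n messages because those are control-specific. The sample entries are copied from the lines above; the function and class names are the example's own.

```python
"""Parse Joe Sandbox 'APIs' lines and flag the volume-serial fingerprint chain.

Added example for reading sandbox function entries; not part of the report
and not code from the analysed sample.  Only documented Win32 constants
(winuser.h / winbase.h) are used.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One report line, e.g. "• SetErrorMode.KERNEL32(00000001), ref: 00B64A08"
API_LINE = re.compile(
    r"^\W*(?P<func>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

SEM_FAILCRITICALERRORS = 0x0001            # SetErrorMode flag, winbase.h
LISTBOX_MESSAGES = {0x0180: "LB_ADDSTRING", 0x0186: "LB_SETCURSEL"}  # winuser.h
WM_USER = 0x0400


@dataclass
class ApiCall:
    func: str
    module: str
    args: list[str]   # raw tokens; '?' means the disassembler could not resolve it
    ref: int          # address of the call site


def parse_api_lines(lines: list[str]) -> list[ApiCall]:
    """Return the calls found in a function entry, in report order."""
    calls = []
    for line in lines:
        m = API_LINE.match(line.strip())
        if not m:
            continue                       # headings such as 'APIs' or 'Strings'
        args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
        calls.append(ApiCall(m["func"], m["module"].upper(), args, int(m["ref"], 16)))
    return calls


def arg_int(token: str) -> int | None:
    """Hex argument to int; unresolved '?' and symbolic tokens become None."""
    try:
        return int(token, 16)
    except ValueError:
        return None


def volume_serial_fingerprint(calls: list[ApiCall]) -> bool:
    """True for SetErrorMode(SEM_FAILCRITICALERRORS) -> GetVolumeInformation* -> SetErrorMode(0).

    Suppressing the 'insert disk' dialog before querying a volume, then restoring
    the mode, is how a serial number is read quietly for host identification.
    """
    state = 0
    for c in calls:
        first = arg_int(c.args[0]) if c.args else None
        if state == 0 and c.func == "SetErrorMode" and first is not None \
                and first & SEM_FAILCRITICALERRORS:
            state = 1
        elif state == 1 and c.func.startswith("GetVolumeInformation"):
            state = 2
        elif state == 2 and c.func == "SetErrorMode" and first == 0:
            return True
    return False


def decode_send_message(call: ApiCall) -> str | None:
    """Name the message of a SendMessageW call where that is unambiguous.

    LB_* values are fixed constants, so they decode on their own.  WM_USER+n
    values mean different things per control class and are left undecoded.
    """
    if call.func != "SendMessageW" or len(call.args) < 2:
        return None
    msg = arg_int(call.args[1])
    if msg is None:
        return None
    if msg in LISTBOX_MESSAGES:
        return LISTBOX_MESSAGES[msg]
    if WM_USER <= msg < 0x8000:
        return f"WM_USER+{msg - WM_USER:#x} (control-specific; needs the control class)"
    return f"{msg:#06x}"


# Entries copied from the report above (the third is the 0x405/0x406/0x414 entry).
VOLUME_ENTRY = [
    "• SetErrorMode.KERNEL32(00000001), ref: 00B64A08",
    "• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00B64A5C",
    "• SetErrorMode.KERNEL32(00000000,?,?,00B8CC08), ref: 00B64AD0",
]
LISTBOX_ENTRY = [
    "• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B83840",
    "• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B83850",
    "• MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B83876",
]
USER_MSG_ENTRY = [
    "• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B8424F",
    "• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B84264",
    "• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B84271",
]

if __name__ == "__main__":
    for name, entry in (("volume", VOLUME_ENTRY), ("listbox", LISTBOX_ENTRY), ("user", USER_MSG_ENTRY)):
        calls = parse_api_lines(entry)
        print(name, "fingerprint:", volume_serial_fingerprint(calls))
        for c in calls:
            print(f"  {c.ref:08X} {c.func}.{c.module} -> {decode_send_message(c)}")
```

Run it on a whole report by feeding each function entry's "APIs" lines to `parse_api_lines`; the `ref` addresses let you jump straight to the call site in the memory dump listed under "Memory Dump Source".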
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B8424F
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B84264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B84271
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: msctls_trackbar32
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-1010561917
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4a4ef721f6b0e98b385eaed8860aaeb305c8e3d2bc3447c746105180bf8a7a01
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 98e4faf6e532974eea35850d449704e70ccf68e350e7ca577bd032f4d2eaf2d3
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a4ef721f6b0e98b385eaed8860aaeb305c8e3d2bc3447c746105180bf8a7a01
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3011C131254209BEEF20AE68CC06FAB3BECEF95B54F114524FA55E60A0D6B1D821DB20
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B52DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B52DC5
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B52DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B52DD6
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B52DA7: GetCurrentThreadId.KERNEL32 ref: 00B52DDD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B52DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B52DE4
                                                                                                                                                                                                                                                                                                                                                                                • GetFocus.USER32 ref: 00B52F78
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B52DEE: GetParent.USER32(00000000), ref: 00B52DF9
                                                                                                                                                                                                                                                                                                                                                                                • GetClassNameW.USER32(?,?,00000100), ref: 00B52FC3
                                                                                                                                                                                                                                                                                                                                                                                • EnumChildWindows.USER32(?,00B5303B), ref: 00B52FEB
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: %s%d
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1272988791-1110647743
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4bd982f60e85d5cbff2fbea7ab88379de5bff8df97cc30624288f9c718904e91
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 6ae5ddd71fad8616b960eec3caa0e501d7af38ca27b1631d44ff1c121f3a5748
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4bd982f60e85d5cbff2fbea7ab88379de5bff8df97cc30624288f9c718904e91
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 71118EB16002096BDF557FA48885BED3BEAEF84305F0440F5BD099B2A2DE7099498B70
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B858C1
                                                                                                                                                                                                                                                                                                                                                                                • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B858EE
                                                                                                                                                                                                                                                                                                                                                                                • DrawMenuBar.USER32(?), ref: 00B858FD
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Menu$InfoItem$Draw
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3227129158-4108050209
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: eec4a67a71db71f7c5096d67e208fa6d82b1ff93ce79f464ee6456402073609a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 33a325a32ad637b239b557126956a85e287c5a1f61716eec67293e93d2b7cc57
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eec4a67a71db71f7c5096d67e208fa6d82b1ff93ce79f464ee6456402073609a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 13011B71600219EEDB21AF11DC85BAEBFB4FB45361F1480E9E849D62B1DB309A94DF31
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 41b42e053a2a7e863154bfb4991bf422692672681f6e6febb2c3c9d1f5a036fb
• Instruction ID: 2d2c912b3ada8cd633e6d5411583046a33d94735652bace1b10919f5a4e1f29d
• Opcode Fuzzy Hash: 41b42e053a2a7e863154bfb4991bf422692672681f6e6febb2c3c9d1f5a036fb
• Instruction Fuzzy Hash: 9DC15875A1020AAFDB14DFA4C894BAEB7B5FF48305F2085D8E905EB251D731EE85CB90
APIs
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: __alldvrm$_strrchr
• String ID:
• API String ID: 1036877536-0
• Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction ID: 53747b37c370df057069af796da68615df08c6bed59768053493541a667604eb
• Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
• Instruction Fuzzy Hash: 0FA16771E003A69FDB21CF18E8917AEBFE4EF61350F1845EDE5899B681C3388981C750
APIs
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Variant$ClearInitInitializeUninitialize
• String ID:
• API String ID: 1998397398-0
• Opcode ID: 3d7d9adb2a87937ab783a69bfc3c9882bc228c6d95b22fc10da634ca89de94ce
• Instruction ID: d82314a53b1575eda7c4a7df312c7b3c4c31bcd5a56646bbc7596f354b7c1683
• Opcode Fuzzy Hash: 3d7d9adb2a87937ab783a69bfc3c9882bc228c6d95b22fc10da634ca89de94ce
• Instruction Fuzzy Hash: 40A14B75208304DFC710DF68C585A2ABBE5FF88B14F048899F99A9B362DB70EE05DB51
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B8FC08,?), ref: 00B505F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B8FC08,?), ref: 00B50608
• CLSIDFromProgID.OLE32(?,?,00000000,00B8CC40,000000FF,?,00000000,00000800,00000000,?,00B8FC08,?), ref: 00B5062D
• _memcmp.LIBVCRUNTIME ref: 00B5064E
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: d7eea60b31ac95d627db0c1cf79775b5ec191563470de0848dab7a7689b2918e
• Instruction ID: 23309777b56b88e9da1b47f9f6edf3a25912dd0266c5ec6563205c5a0363f265
• Opcode Fuzzy Hash: d7eea60b31ac95d627db0c1cf79775b5ec191563470de0848dab7a7689b2918e
• Instruction Fuzzy Hash: 6381FE75910109EFCB04DF94C984EEEB7F9FF89315F104598E516AB250DB71AE0ACB60
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00B7A6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 00B7A6BA
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• Process32NextW.KERNEL32(00000000,?), ref: 00B7A79C
• CloseHandle.KERNEL32(00000000), ref: 00B7A7AB
  • Part of subcall function 00B0CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00B33303,?), ref: 00B0CE8A
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1991900642-0
APIs
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
• GetWindowRect.USER32(?,?), ref: 00B862E2
• ScreenToClient.USER32(?,?), ref: 00B86315
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00B86382
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 00B71AFD
• WSAGetLastError.WSOCK32 ref: 00B71B0B
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B71B8A
• WSAGetLastError.WSOCK32 ref: 00B71B94
• API ID: ErrorLast$socket
• String ID:
• API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 0773ee027820c5d2db76d88953c177df4410a7978862b7b8da037be8536adade
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 2f5f945fd507018ea61c8a49a4a774261089be65c79905a32e85e08ec4b6985d
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0773ee027820c5d2db76d88953c177df4410a7978862b7b8da037be8536adade
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 33413C71A00724BFD724AF38DC81FAA7BE9EB88710F2045AEF559DB381DB7199418780
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00B65783
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 00B657A9
                                                                                                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00B657CE
                                                                                                                                                                                                                                                                                                                                                                                • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00B657FA
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3321077145-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 99145863a3664150126c2af294748ca6c234b85c8ef79a74fe63e5341ca835a8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 14d75e770065947240f19901b687a06fb17ce09f5db762359f66bdd23f90da1e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 99145863a3664150126c2af294748ca6c234b85c8ef79a74fe63e5341ca835a8
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1C413D35600615DFCB21DF55C544A2EBBF2EF89720B188488F94AAB362CB74FD04CB91
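The function above calls CreateHardLinkW at 00B65783, reads GetLastError, calls DeleteFileW on the link path, and then calls CreateHardLinkW a second time at 00B657FA. The added Python example below is not decompiled code from the sample and is not part of the Joe Sandbox report; it reconstructs that call pattern under one labelled assumption: the second CreateHardLinkW is a retry that runs only after the first attempt failed because the link path already existed and was removed. os.link() and os.remove() stand in for CreateHardLinkW and DeleteFileW so the logic runs on any platform, and FileExistsError is the Python mapping of ERROR_ALREADY_EXISTS (183) on Windows and EEXIST on POSIX.

```python
"""Portable reconstruction of the CreateHardLinkW -> GetLastError ->
DeleteFileW -> CreateHardLinkW pattern (added example, not sample code).

Assumption: the second CreateHardLinkW call is a retry that is reached only
when the first call failed with "already exists" and the caller asked for
the existing file at the link path to be replaced.
"""
import os
import tempfile


def create_hardlink_overwrite(link_path: str, target_path: str,
                              overwrite: bool) -> bool:
    """Create link_path as a hard link to target_path.

    Call sequence mirrored from the report:
      1. CreateHardLinkW(link, target)   -> os.link(target, link)
      2. GetLastError()                  -> the OSError subclass raised
      3. DeleteFileW(link)               -> os.remove(link)
      4. CreateHardLinkW(link, target)   -> os.link(target, link) again
    Returns True when the link exists afterwards, False otherwise.
    """
    try:
        os.link(target_path, link_path)
        return True
    except FileExistsError:
        # ERROR_ALREADY_EXISTS / EEXIST: only this error triggers the retry.
        if not overwrite:
            return False
    except OSError:
        # Any other failure (permissions, cross-volume, missing target) is final.
        return False

    # Remove whatever occupies link_path and retry exactly once.
    try:
        os.remove(link_path)
        os.link(target_path, link_path)
        return True
    except OSError:
        return False


def demo() -> dict:
    """Exercise the function on constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "target.txt")
        link = os.path.join(d, "link.txt")
        with open(target, "w") as f:
            f.write("constructed sample content\n")

        first = create_hardlink_overwrite(link, target, overwrite=False)
        same_inode = os.stat(link).st_ino == os.stat(target).st_ino
        # Second attempt without overwrite must fail: link already exists.
        second = create_hardlink_overwrite(link, target, overwrite=False)
        # With overwrite the existing link is deleted and re-created.
        third = create_hardlink_overwrite(link, target, overwrite=True)
        nlink = os.stat(target).st_nlink
    return {"first": first, "same_inode": same_inode,
            "second": second, "third": third, "nlink": nlink}


if __name__ == "__main__":
    print(demo())
```

The point of running it is to see that the retry branch is only ever entered on an "already exists" failure; a generic failure after GetLastError would not justify deleting the file at the link path, so a disassembly that shows DeleteFileW on every error path would indicate different semantics than this reconstruction assumes.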
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00B16D71,00000000,00000000,00B182D9,?,00B182D9,?,00000001,00B16D71,8BE85006,00000001,00B182D9,00B182D9), ref: 00B2D910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B2D999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00B2D9AB
• __freea.LIBCMT ref: 00B2D9B4
  • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852

Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd

Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 007ccdb6ec8777c6046d96a977325b4e39c575942b2e931ae0ea2f1edd405b09
• Instruction ID: c0a7d77068b2a10d84a8209347fba10370783d86739982662345934ca641a2f7
• Opcode Fuzzy Hash: 007ccdb6ec8777c6046d96a977325b4e39c575942b2e931ae0ea2f1edd405b09
• Instruction Fuzzy Hash: 1931B371A0021AABDF24DF64EC85EAE7BE5EB40710F1542A8FC08D7150DB35CD94CB90

APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00B85352
• GetWindowLongW.USER32(?,000000F0), ref: 00B85375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B85382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B853A8

Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd

Similarity
• API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3340791633-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 835b9b9e3eb69af722cbdea7c9ff28bbc83881d76c25d1d25df642db261e6580
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5737880645506c6d22d881332e80b22e4d57a61f033fdd6c0877797a96d57857
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 835b9b9e3eb69af722cbdea7c9ff28bbc83881d76c25d1d25df642db261e6580
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8331AF74A55A0CFFEB30AA14CC46FE837E5EB05391F584181BA12971F1C7B09E40DB59
APIs
• GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00B5ABF1
• SetKeyboardState.USER32(00000080,?,00008000), ref: 00B5AC0D
• PostMessageW.USER32(00000000,00000101,00000000), ref: 00B5AC74
• SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00B5ACC6
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: de06223bc5f8308b0c28400af672952822f6b2bd08b2ecedf6f9dafa3b455de8
• Instruction ID: ccb7fe34e51ad93acebcb56ff2e58774a9e0ad926b056e3090afda692a306415
• Opcode Fuzzy Hash: de06223bc5f8308b0c28400af672952822f6b2bd08b2ecedf6f9dafa3b455de8
• Instruction Fuzzy Hash: 1D312670A00218AFEF34CB648C05BFA7BE5EB89312F0443DAEC85A71D0D37599898762
APIs
• ClientToScreen.USER32(?,?), ref: 00B8769A
• GetWindowRect.USER32(?,?), ref: 00B87710
• PtInRect.USER32(?,?,00B88B89), ref: 00B87720
• MessageBeep.USER32(00000000), ref: 00B8778C
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: b9c27a7ddf3f9c991fa2e210cf7b75eef5545a3922f6083c788210b587b6cd24
• Instruction ID: 9a1a29595ebe111f2c6a3827c497d5b5b40fe12ee5e0631e4ce17491ade75e98
• Opcode Fuzzy Hash: b9c27a7ddf3f9c991fa2e210cf7b75eef5545a3922f6083c788210b587b6cd24
• Instruction Fuzzy Hash: CC417E786452149FCB01EF58C894EA97BF5FB49318F2940E8E8249B271DB70ED42CB90
APIs
• GetForegroundWindow.USER32 ref: 00B816EB
  • Part of subcall function 00B53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B53A57
  • Part of subcall function 00B53A3D: GetCurrentThreadId.KERNEL32 ref: 00B53A5E
  • Part of subcall function 00B53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B525B3), ref: 00B53A65
• GetCaretPos.USER32(?), ref: 00B816FF
• ClientToScreen.USER32(00000000,?), ref: 00B8174C
• GetForegroundWindow.USER32 ref: 00B81752
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: 7dd71b09ae2b922f55fb893cda7428d96f82e74bd8ab63042f87296a765ece2a
• Instruction ID: f24681d54ce4904408d3e5c41df70fd9a5c7ce0aa6b82b6fd6b7d125ad6e0186
• Opcode Fuzzy Hash: 7dd71b09ae2b922f55fb893cda7428d96f82e74bd8ab63042f87296a765ece2a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 853121B5D01249AFC700EFA9C981DAEBBFDEF48304B5484A9E515E7211DB319E45CBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00B89001
                                                                                                                                                                                                                                                                                                                                                                                • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00B47711,?,?,?,?,?), ref: 00B89016
                                                                                                                                                                                                                                                                                                                                                                                • GetCursorPos.USER32(?), ref: 00B8905E
                                                                                                                                                                                                                                                                                                                                                                                • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00B47711,?,?,?), ref: 00B89094
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2864067406-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 3aa6a1bad1427e4d43bd9cb8f5d1f8b4696b96c5f575acece27ac9d337bc216f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b339e2b0154cd5accd438aa6fa86db2b99863c05eff89bf092a3fa29b16778ff
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3aa6a1bad1427e4d43bd9cb8f5d1f8b4696b96c5f575acece27ac9d337bc216f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 56219F35600018EFCF259F98CC59EFA7BF9EB4A350F2840A5F906672B2C7319950DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,00B8CB68), ref: 00B5D2FB
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00B5D30A
                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000), ref: 00B5D319
                                                                                                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B8CB68), ref: 00B5D376
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2267087916-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b20ee8d5b913969f0b0a1f0105eae92884d29c813bb2e05e42d6e178aa21261a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: c32e63cfff3e1a0f92ffc27b4fefe02ae8ef52ee51c82bee609dcffae582df54
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b20ee8d5b913969f0b0a1f0105eae92884d29c813bb2e05e42d6e178aa21261a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9521D3705052019F8720DF64C881A6BBBE4EF55365F104B9DF899C72E1DB30D909CB97
                                                                                                                                                                                                                                                                                                                                                                                APIs
  • Part of subcall function 00B51014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),?,00000000,?), ref: 00B5102A
  • Part of subcall function 00B51014: GetLastError.KERNEL32(?,TokenPrivileges,?,00000000,?), ref: 00B51036
  • Part of subcall function 00B51014: GetProcessHeap.KERNEL32(00000008,?,?,TokenPrivileges,?,00000000,?), ref: 00B51045
  • Part of subcall function 00B51014: HeapAlloc.KERNEL32(00000000,?,TokenPrivileges,?,00000000,?), ref: 00B5104C
  • Part of subcall function 00B51014: GetTokenInformation.ADVAPI32(?,00000003(TokenPrivileges),00000000,?,?,?,TokenPrivileges,?,00000000,?), ref: 00B51062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00B515BE
• _memcmp.LIBVCRUNTIME ref: 00B515E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B51617
• HeapFree.KERNEL32(00000000), ref: 00B5161E
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: feebd641607a6bdb305e1973ffb1fff39e075836858bd3ac31efe6f45548e22a
• Instruction ID: eb42157870856e9bda453eb34225b2419c9145c9e4c28c4ea5b7f4399f4c1278
• Opcode Fuzzy Hash: feebd641607a6bdb305e1973ffb1fff39e075836858bd3ac31efe6f45548e22a
• Instruction Fuzzy Hash: D9217C71E40108EFDB00DFA8C945BEEB7F8EF44345F1848D9E851A7251E730AA09CB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EC), ref: 00B8280A
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B82824
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B82832
                                                                                                                                                                                                                                                                                                                                                                                • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B82840
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$Long$AttributesLayered
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2169480361-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e85fdc1ff39052e7f174137c5b355ae9629dfdd898d3160d807de76f854e4289
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 8d4b8c58354560e58d4ab2da58cf7b598eb4c2bb4dd3e154fa0bd212f002f5f2
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e85fdc1ff39052e7f174137c5b355ae9629dfdd898d3160d807de76f854e4289
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3121D335204115AFDB14AB24C845FAA7BE5EF45324F148198F8268B6F2CB75FC42C7A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B58D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00B5790A,?,000000FF,?,00B58754,00000000,?,0000001C,?,?), ref: 00B58D8C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B58D7D: lstrcpyW.KERNEL32(00000000,?,?,00B5790A,?,000000FF,?,00B58754,00000000,?,0000001C,?,?,00000000), ref: 00B58DB2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B58D7D: lstrcmpiW.KERNEL32(00000000,?,00B5790A,?,000000FF,?,00B58754,00000000,?,0000001C,?,?), ref: 00B58DE3
                                                                                                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00B58754,00000000,?,0000001C,?,?,00000000), ref: 00B57923
                                                                                                                                                                                                                                                                                                                                                                                • lstrcpyW.KERNEL32(00000000,?,?,00B58754,00000000,?,0000001C,?,?,00000000), ref: 00B57949
                                                                                                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(00000002,cdecl,?,00B58754,00000000,?,0000001C,?,?,00000000), ref: 00B57984
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: cdecl
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4031866154-3896280584
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f82a79aecb7779f89072e68fa6bfeb9c1b74d75a74ce638d71e9df1cd2f4c0c0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: b5907abaf07ff1664f7c7df9055a9647baafd54deed7cff74660a43a498d064e
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f82a79aecb7779f89072e68fa6bfeb9c1b74d75a74ce638d71e9df1cd2f4c0c0
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8811037A300242BBCB25AF35E844E7A77E9FF85751B4040AAFC02C72A4EF719805C7A1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00B87D0B
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00B87D2A
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B87D42
                                                                                                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00B6B7AD,00000000), ref: 00B87D6B
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: bbd4a666efb96aacdf61ad21708c19e97c378e44662fdba2fd8ff8bef5a8c9aa
• Instruction ID: cd22ccc25644eac881f087e4c039b940c30605ef9b91a1d168ba7c52b40f89e0
• Opcode Fuzzy Hash: bbd4a666efb96aacdf61ad21708c19e97c378e44662fdba2fd8ff8bef5a8c9aa
• Instruction Fuzzy Hash: 41118E72544615AFCB10AF28CC04EA63BE5EF463A4B258764F835D72F1EB30D951CB50
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 00B856BB
• _wcslen.LIBCMT ref: 00B856CD
• _wcslen.LIBCMT ref: 00B856D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00B85816
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: MessageSend_wcslen
• String ID:
• API String ID: 455545452-0
• Opcode ID: ffd5671afb89b42c2764d9fe1b10dad73e5f77f636d30ff235e208c8ee4db68b
• Instruction ID: b8b34e3167176c3275353568e2c7f0db888d4e532bf7fc79a818edbfbd0c69e2
• Opcode Fuzzy Hash: ffd5671afb89b42c2764d9fe1b10dad73e5f77f636d30ff235e208c8ee4db68b
• Instruction Fuzzy Hash: C611D3756006089ADF30AF65CCC5AEE77ECEF11764B5040A6F915D61A1EB70DA84CB60
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c5e93dcfcfad22431b7a1145290aa34fa1281afc5c432b81020ae99343d1ab3f
• Instruction ID: e195407ccaa4c1ad71fb0b6f5fd66239211638af4e23e2f27b50064c69e2522d
• Opcode Fuzzy Hash: c5e93dcfcfad22431b7a1145290aa34fa1281afc5c432b81020ae99343d1ab3f
• Instruction Fuzzy Hash: FF018FB220962ABEF621267C7CC0F27669CDF553F8B300BB5F539A11D2DB648C414170
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 00B51A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B51A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B51A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B51A8A
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 8d1aaa930399dfbd2cad329addf4bbf7ea866af37920ba6d0d67b8cd91517dbf
• Instruction ID: eb3d3210237407a2ed893e5d6e4f7da28be923ec0eaa9d910351d9a6bb8c7359
• Opcode Fuzzy Hash: 8d1aaa930399dfbd2cad329addf4bbf7ea866af37920ba6d0d67b8cd91517dbf
• Instruction Fuzzy Hash: 31113C3AD01219FFEB11DFA8CD85FADBBB8EB04750F200491EA10B7290D6716E50DB94
APIs
• GetCurrentThreadId.KERNEL32 ref: 00B5E1FD
• MessageBoxW.USER32(?,?,?,?), ref: 00B5E230
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00B5E246
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00B5E24D
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2880819207-0
APIs
• CreateThread.KERNEL32(00000000,?,00B1CFF9,00000000,00000004,00000000), ref: 00B1D218
• GetLastError.KERNEL32 ref: 00B1D224
• __dosmaperr.LIBCMT ref: 00B1D22B
• ResumeThread.KERNEL32(00000000), ref: 00B1D249
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AF604C
• GetStockObject.GDI32(00000011), ref: 00AF6060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00AF606A
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00B13B56
  • Part of subcall function 00B13AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00B13AD2
  • Part of subcall function 00B13AA3: ___AdjustPointer.LIBCMT ref: 00B13AED
• _UnwindNestedFrames.LIBCMT ref: 00B13B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00B13B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00B13BA4
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9b15e76aef7e79ad926ea9e8a32a9cab133742fbd85da131bb29400dcaf5e741
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CB014C72100148BBDF125E95CC46EEB7FEDEF49B54F444094FE4856121E732E9A1DBA0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00AF13C6,00000000,00000000,?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue), ref: 00B230A5
                                                                                                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue,00B92290,FlsSetValue,00000000,00000364,?,00B22E46), ref: 00B230B1
                                                                                                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue,00B92290,FlsSetValue,00000000), ref: 00B230BF
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3177248105-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: f20d5053da2261c7c3e143cd989b71b31f045bad544b8f258e0eb8ddb84cdd1b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 775187b83ed9e7a06f175b802d4d642e890da246d006f936470f4daa1e9b9fa7
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f20d5053da2261c7c3e143cd989b71b31f045bad544b8f258e0eb8ddb84cdd1b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A201D472701236ABCB214A78BC84B577BD8EF05F61B200660F909E7190CB35D902C7F0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00B5747F
                                                                                                                                                                                                                                                                                                                                                                                • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00B57497
                                                                                                                                                                                                                                                                                                                                                                                • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00B574AC
                                                                                                                                                                                                                                                                                                                                                                                • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00B574CA
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1352324309-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 5063d6f70de478f044a035a50f2cdf640177c97a1b4219e8e870b3f6e3af4d39
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: fda02021e6d83a84c24ce9af6892c5dfe0c020ad5721034937f76fb0861b3ae4
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5063d6f70de478f044a035a50f2cdf640177c97a1b4219e8e870b3f6e3af4d39
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ED117CB13453119BE7208F24FC48F927FF8EB04B01F1085E9AA16D7251DB70E948DBA1
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0C4
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0E9
                                                                                                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0F3
                                                                                                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B126
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2875609808-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4c7910775f6d09bd19b0c5d914ee39fffc661d54540d55d173090c166f68ee2f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 18f930723b26f562a66862e81a06915a3667725f6ff965ba8ae11207b2a74d12
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c7910775f6d09bd19b0c5d914ee39fffc661d54540d55d173090c166f68ee2f
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E7112771C01928EBCF00AFA5E998BEEBFB8FB09712F1044C5D941B2195CB309654CB61
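The "API ID" in each record above is the field an analyst pivots on when hunting for the same function in other samples (the Sleep/QueryPerformanceCounter record, for instance, is what backs the "execution timing" signature in the overview). The following script is an added example, not code from this report or from Joe Sandbox: it parses the "APIs" lists of the records on this page (the three above plus the SendMessageTimeoutW record that follows, whose API ID the page does not show) and rebuilds the ID from the call names. The derivation it uses is an inference that fits the three IDs shown here, not a documented Joe Sandbox algorithm: split each API name on CamelCase boundaries, drop tokens of three characters or fewer (Get, Ex, W, Lib, For, Id), count tokens across the function's calls, group tokens by count from most to least frequent, sort alphabetically inside a group, and join the groups with `$`. The input text is constructed by copying the API lines from this page.

```python
"""Rebuild Joe Sandbox-style "API ID" strings from the per-function API lists
in this report and cross-check them against the IDs the report prints.

ASSUMPTION: the derivation below is inferred from the three records on this
page; it is not Joe Sandbox's documented algorithm.
"""
import re
from collections import Counter, defaultdict

# Constructed input: the "APIs" lists of four records copied from this report,
# keeping the report's own "API ID" line where the page shows it.
REPORT_TEXT = """
APIs
• LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00AF13C6,00000000,00000000,?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue), ref: 00B230A5
• GetLastError.KERNEL32(?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue,00B92290,FlsSetValue,00000000,00000364,?,00B22E46), ref: 00B230B1
• LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue,00B92290,FlsSetValue,00000000), ref: 00B230BF
• API ID: LibraryLoad$ErrorLast
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00B5747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00B57497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00B574AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00B574CA
• API ID: Type$Register$FileLoadModuleNameUser
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B126
• API ID: CounterPerformanceQuerySleep
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B52DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00B52DD6
• GetCurrentThreadId.KERNEL32 ref: 00B52DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B52DE4
"""

TOKEN = re.compile(r"[A-Z][a-z]*")            # CamelCase word boundaries
CALL = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<module>\w+)"      # e.g. LoadLibraryExW.KERNEL32
    r"(?:\((?P<args>.*)\))?,?\s+ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"  # args optional
)
API_ID = re.compile(r"^•\s*API ID:\s*(?P<id>\S*)")


def api_id(api_names, min_len=4):
    """Derive the API ID for one function from its list of API call names."""
    counts = Counter(
        tok for name in api_names for tok in TOKEN.findall(name) if len(tok) >= min_len
    )
    tiers = defaultdict(list)                  # token count -> tokens with that count
    for tok, n in counts.items():
        tiers[n].append(tok)
    return "$".join("".join(sorted(tiers[n])) for n in sorted(tiers, reverse=True))


def parse_records(text):
    """Split report text into records; each starts at a line reading 'APIs'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line == "APIs":
            records.append({"calls": [], "reported_id": None})
            continue
        if not records:
            continue
        m = CALL.match(line)
        if m:
            records[-1]["calls"].append((m["api"], m["module"], m["ref"]))
            continue
        m = API_ID.match(line)
        if m:
            records[-1]["reported_id"] = m["id"] or None
    for rec in records:
        rec["derived_id"] = api_id(api for api, _, _ in rec["calls"])
    return records


def check_ids(text):
    """Return (first call ref, reported ID, derived ID, agrees) per record.
    'agrees' is None when the page shows no API ID for that record."""
    out = []
    for rec in parse_records(text):
        first_ref = rec["calls"][0][2] if rec["calls"] else None
        reported, derived = rec["reported_id"], rec["derived_id"]
        agrees = None if reported is None else reported == derived
        out.append((first_ref, reported, derived, agrees))
    return out


if __name__ == "__main__":
    for ref, reported, derived, ok in check_ids(REPORT_TEXT):
        print(f"{ref}: reported={reported} derived={derived} match={ok}")
```

If a new sample's records yield the same API ID but a different Instruction Fuzzy Hash, the function body changed while its import profile did not; that is the case worth a manual diff before treating the two as the same code.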
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B52DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00B52DD6
• GetCurrentThreadId.KERNEL32 ref: 00B52DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B52DE4
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 4fc5cef0fd18c026e4b975b25c6fc9f27e71a01f13a85715a4c5519e95a73433
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 27b2d86a0378d9c81411d6d34f2b77e81cba1818ad1a91533d7464bbc0d2d3a5
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4fc5cef0fd18c026e4b975b25c6fc9f27e71a01f13a85715a4c5519e95a73433
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 74E0E5B1501224B6D72017629C4DFE77E6CEB57B62F500165B905D70909AB58545C7B0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B09693
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096A2
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09639: BeginPath.GDI32(?), ref: 00B096B9
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096E2
                                                                                                                                                                                                                                                                                                                                                                                • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00B88887
                                                                                                                                                                                                                                                                                                                                                                                • LineTo.GDI32(?,?,?), ref: 00B88894
                                                                                                                                                                                                                                                                                                                                                                                • EndPath.GDI32(?), ref: 00B888A4
                                                                                                                                                                                                                                                                                                                                                                                • StrokePath.GDI32(?), ref: 00B888B2
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: b6b70f225636afdeecb34f3cc96eb147247be1f5ff28f38cb82f551e8155c236
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7cf0d7ce4d913b5dc93403c8055f7d56251c373920a79843bfb73f826fd09720
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b6b70f225636afdeecb34f3cc96eb147247be1f5ff28f38cb82f551e8155c236
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 38F03A36041258BBDB126F94AC09FCA3E59AF0A310F448040FA11660F2CBB55511CBA5
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000008), ref: 00B098CC
                                                                                                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,?), ref: 00B098D6
                                                                                                                                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,00000001), ref: 00B098E9
                                                                                                                                                                                                                                                                                                                                                                                • GetStockObject.GDI32(00000005), ref: 00B098F1
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: ca26a747d4f95f5aba5c7b16f8c0d7b44ffd25f65b611aae5b3d4715ec8df886
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 58af2fc7eef3f82cc654b1e4c9ce872a2c2f3f9aa7673988abc006a0968ff192
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ca26a747d4f95f5aba5c7b16f8c0d7b44ffd25f65b611aae5b3d4715ec8df886
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8BE06571244240AEDB215B74BC1DBE83F50EB11335F04825AF6F5590F1CB714640DB20
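The "APIs" listings in these function records are the raw material an analyst works from, and the numeric stack slots in them only become meaningful once decoded. The following is an added example, not code from the Joe Sandbox report or its IDA plugin: it parses lines in this listing format into structured records and decodes the constants that are visible in them, namely the fuFlags and uTimeout of the SendMessageTimeoutW call in the AttachThreadInput chain above and the token access mask that appears next to GetCurrentProcess in the OpenThreadToken/OpenProcessToken chain below. Assumptions: the SAMPLE string is constructed by copying call lines from this report; the SMTO_* and TOKEN_* values are the Windows SDK header values; and reading the 00000028 printed on the GetCurrentProcess line as the DesiredAccess consumed by the following OpenProcessToken call rests on the listing showing raw stack slots, so the code labels that note as assumed.

```python
"""Parse Joe Sandbox "APIs" listing lines and decode the constants in them.

Added example, not code from the Joe Sandbox report or its IDA plugin.
SAMPLE is a constructed string whose lines are copied from this report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One listing line: optional bullet, optional "Part of subcall function XXXXXXXX: ",
# Function.MODULE, optional "(args)", then ", ref: ADDR" (or " ref: ADDR" with no args).
API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}): )?"
    r"(?P<func>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Values from the Windows SDK headers (winnt.h TOKEN_*, winuser.h SMTO_*).
TOKEN_ACCESS = [
    (0x0001, "TOKEN_ASSIGN_PRIMARY"), (0x0002, "TOKEN_DUPLICATE"),
    (0x0004, "TOKEN_IMPERSONATE"), (0x0008, "TOKEN_QUERY"),
    (0x0010, "TOKEN_QUERY_SOURCE"), (0x0020, "TOKEN_ADJUST_PRIVILEGES"),
    (0x0040, "TOKEN_ADJUST_GROUPS"), (0x0080, "TOKEN_ADJUST_DEFAULT"),
    (0x0100, "TOKEN_ADJUST_SESSIONID"),
]
SMTO_FLAGS = [
    (0x0001, "SMTO_BLOCK"), (0x0002, "SMTO_ABORTIFHUNG"),
    (0x0008, "SMTO_NOTIMEOUTIFNOTHUNG"), (0x0020, "SMTO_ERRORONEXIT"),
]

# Constructed sample: call lines copied from two function records in this report.
SAMPLE = """\
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B52DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00B52DD6
• GetCurrentThreadId.KERNEL32 ref: 00B52DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B52DE4
• GetCurrentThread.KERNEL32 ref: 00B51634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,00B511D9), ref: 00B5163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00B511D9), ref: 00B51648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,00B511D9), ref: 00B5164F
"""


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Optional[int]]   # the listing prints "?" for slots it could not resolve
    ref: int                    # address of the call site
    subcall_of: Optional[int] = None


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [None if t.strip() == "?" else int(t, 16) for t in raw.split(",")] if raw else []
    sub = m.group("sub")
    return ApiCall(m.group("func"), m.group("mod"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)


def parse_listing(text: str) -> List[ApiCall]:
    return [c for c in (parse_api_line(ln) for ln in text.splitlines()) if c]


def decode_flags(mask: int, table) -> List[str]:
    """Bit mask -> flag names; bits the table does not cover are kept as hex."""
    names = [name for bit, name in table if mask & bit]
    rest = mask & ~sum(bit for bit, _ in table)
    if rest:
        names.append(f"0x{rest:X}")
    return names


def decode_token_access(mask: int) -> List[str]:
    return decode_flags(mask, TOKEN_ACCESS)


def annotate(calls: List[ApiCall]) -> List[str]:
    """Notes an analyst can attach to a chain, using only what the listing shows."""
    notes = []
    names = [c.func for c in calls]
    for i, c in enumerate(calls):
        if c.func == "SendMessageTimeoutW" and len(c.args) >= 6:
            flags, timeout = c.args[4], c.args[5]   # fuFlags, uTimeout
            if flags is not None:
                notes.append(f"{c.ref:08X}: fuFlags={'|'.join(decode_flags(flags, SMTO_FLAGS))}")
            if timeout is not None:
                notes.append(f"{c.ref:08X}: uTimeout={timeout} ms")
        nxt = calls[i + 1] if i + 1 < len(calls) else None
        if (c.func == "GetCurrentProcess" and c.args and c.args[0] is not None
                and nxt is not None and nxt.func == "OpenProcessToken"):
            # Assumption: the listing prints raw stack slots, so the value in the first
            # slot of a no-argument call is the DesiredAccess the next call consumes.
            acc = "|".join(decode_token_access(c.args[0]))
            notes.append(f"{nxt.ref:08X}: DesiredAccess={acc} (assumed from stack slot)")
    seq = ["GetWindowThreadProcessId", "GetCurrentThreadId", "AttachThreadInput"]
    if any(names[i:i + 3] == seq for i in range(len(names))):
        notes.append("chain: attach caller input queue to target window thread")
    if "OpenThreadToken" in names and "OpenProcessToken" in names:
        notes.append("chain: thread token, then process token (usual fallback pattern)")
    return notes


if __name__ == "__main__":
    for note in annotate(parse_listing(SAMPLE)):
        print(note)
```

Paste any block of call lines into the parser; the Memory Dump Source, Similarity and hash lines have no `Function.MODULE ... ref:` shape and are skipped. The decoded values are what a triage note should carry: SMTO_ABORTIFHUNG with a 5000 ms timeout on the SendMessageTimeoutW call, and TOKEN_QUERY|TOKEN_ADJUST_PRIVILEGES as the access requested on the token, which is the mask needed to call AdjustTokenPrivileges afterwards.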

APIs
• GetCurrentThread.KERNEL32 ref: 00B51634
• OpenThreadToken.ADVAPI32(00000000,?,?,?,00B511D9), ref: 00B5163B
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00B511D9), ref: 00B51648
• OpenProcessToken.ADVAPI32(00000000,?,?,?,00B511D9), ref: 00B5164F
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3974789173-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c141a2dba0ecfcad990dbd1081bc4caf3345fa98095895a5a67b763f8154e77e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: d30bd1728d94afe14e88f53c138e320ecf775ae70a6ab78e091e1af124eb71cb
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c141a2dba0ecfcad990dbd1081bc4caf3345fa98095895a5a67b763f8154e77e
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ABE08CB2602211EBD7201FB4AE0DB863FBCEF457D2F158888F645CA0A0EA348445CB78
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00B4D858
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00B4D862
                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B4D882
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?), ref: 00B4D8A3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 006b826e6cefe69c6a70c826b240fec315891193e839916714d091400892b677
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 12c578dc70757889c1d2e61bedc9980fcea25adba81fdfa1e032664c351b40b1
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 006b826e6cefe69c6a70c826b240fec315891193e839916714d091400892b677
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2EE075B5800205DFCB419FA1994866DBFB5AB48311B148459E946E7260DB389941EF60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetDesktopWindow.USER32 ref: 00B4D86C
                                                                                                                                                                                                                                                                                                                                                                                • GetDC.USER32(00000000), ref: 00B4D876
                                                                                                                                                                                                                                                                                                                                                                                • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B4D882
                                                                                                                                                                                                                                                                                                                                                                                • ReleaseDC.USER32(?), ref: 00B4D8A3
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 2889604237-0
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8661caaf4924552412b88ec7dec6f3677bd3b6774b6ac302efdecf742bf7ca7c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 9a83d11938822d8b91aa2ef09bbb29116fe9ede557d23509074f4ff762ea55bd
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8661caaf4924552412b88ec7dec6f3677bd3b6774b6ac302efdecf742bf7ca7c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F4E092B5800205EFCB51AFB1E94866DBFB5BB48311B148459F94AE72A0EB389901EF60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
                                                                                                                                                                                                                                                                                                                                                                                • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00B64ED4
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 85735fd58c7cb1d6cfecb623c2d02f19923578b39c6dab31465d63356b80a66c
• Instruction ID: 62aa87dbd3814ebbda28d492e454e0a6dbcaaaa21c7c670c6952645398b0621c
• Opcode Fuzzy Hash: 85735fd58c7cb1d6cfecb623c2d02f19923578b39c6dab31465d63356b80a66c
• Instruction Fuzzy Hash: FE912B75A006049FCB14DF58C584EAABBF1EF44304F1980D9E80A9B3A2D779ED85CB91
APIs
• __startOneArgErrorHandling.LIBCMT ref: 00B1E30D
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ErrorHandling__start
• String ID: pow
• API String ID: 3213639722-2276729525
• Opcode ID: 38134a20f69d891ee3d5c110667182930c31f6fda2e1bda0fad216418f035094
• Instruction ID: 8fada1d92eef2bfb2d8f8936784706fd1b82e7f0bc00c2d08461c90a7fb3df86
• Opcode Fuzzy Hash: 38134a20f69d891ee3d5c110667182930c31f6fda2e1bda0fad216418f035094
• Instruction Fuzzy Hash: 1D517CA1A4C11296CB167724E9417FA2BD8DB00740F744DE9E8B9433A9DF34CCC59A8E
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID:
• String ID: #
• API String ID: 0-1885708031
• Opcode ID: 8e161233b15c3f29a6d9f8867638bec563f7eac185d375200be4d4f4ce32e4e0
• Instruction ID: 4994f076facf999becfc21bd2c8fb41951eb495e4c44235c7831c2ba491d82a0
• Opcode Fuzzy Hash: 8e161233b15c3f29a6d9f8867638bec563f7eac185d375200be4d4f4ce32e4e0
• Instruction Fuzzy Hash: 8351017550024ADFDF15DF68C481ABA7BE4FF55320F244495F8A1AB2D0DA34DE42DBA0
APIs
• Sleep.KERNEL32(00000000), ref: 00B0F2A2
• GlobalMemoryStatusEx.KERNEL32(?), ref: 00B0F2BB
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 714acbd3b731d345839f0b6f8e168a8ed5c6122bdbac35127ecee9a40e68e13d
• Instruction ID: a6aed681150fc31c54e16cb548dc47c3434d4b90ff4887bdc9c8b8abd4bf404d
• Opcode Fuzzy Hash: 714acbd3b731d345839f0b6f8e168a8ed5c6122bdbac35127ecee9a40e68e13d
• Instruction Fuzzy Hash: 035159714087499BD320AF55D986BBFBBF8FF85310F81484CF29941195EF708929CB66
APIs
• CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00B757E0
• _wcslen.LIBCMT ref: 00B757EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 157775604-1150593374
APIs
• _wcslen.LIBCMT ref: 00B6D130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00B6D13A
Strings
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00B83621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B8365C
Strings
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00B8461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B84634
Strings
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B8327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B83287
Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                                                                                                • String ID: Combobox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: e901cd2b070d2325eaed2741385f5752a8bb03031370996673b344632775c84a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 7a25fdd9f9ab137ea79278b62bdbed32839f93985d9ad8da99f8b0aeccbdd578
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e901cd2b070d2325eaed2741385f5752a8bb03031370996673b344632775c84a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6911B2713002097FEF21AE94DC84EBB3BEAEB98B64F104164F918A72A1DA71DD51C760
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AF604C
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF600E: GetStockObject.GDI32(00000011), ref: 00AF6060
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AF606A
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowRect.USER32(00000000,?), ref: 00B8377A
                                                                                                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000012), ref: 00B83794
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                                • String ID: static
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 8e9651142dce00c47d69750f28db516c6eed4042e9a40bedeb9d8cf6296b925c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: af82f4475a0b83a40cab77bdc28ee3a4d6e1fddca32b33e3c82f06ff99372836
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8e9651142dce00c47d69750f28db516c6eed4042e9a40bedeb9d8cf6296b925c
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D1129B6610209AFDF00EFA8CC46EEA7BF8EB08714F004955F955E3260EB35E851DB60
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00B6CD7D
                                                                                                                                                                                                                                                                                                                                                                                • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00B6CDA6
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                                • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 6a59101f68c8bf6295007784b7543c033fad364a86649658383fdb5cbecd84b5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 76bd4fb5644af5a3ba1578e1a3aa54b229b8b85e3360c1e7c58a0e1a9ab4bba8
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a59101f68c8bf6295007784b7543c033fad364a86649658383fdb5cbecd84b5
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9E11C6752056317AD7345B668C85EF7BEECEF127A4F1042B6B19983090D7789C44D6F0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • GetWindowTextLengthW.USER32(00000000), ref: 00B834AB
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B834BA
                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
• Opcode ID: 6067e9e89ec81200438698de573616e196b9d117f18ccac21277f62cdfe2045e
• Instruction ID: 6216547185af5bec339fa937279a6b22f356ef0fadff8df834bac9ad1df67c25
• Opcode Fuzzy Hash: 6067e9e89ec81200438698de573616e196b9d117f18ccac21277f62cdfe2045e
• Instruction Fuzzy Hash: 8A119D71100108ABEB12AE64DC84ABA3BEAEF05B74F544764F961932F0C771DC91D760
APIs
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
• CharUpperBuffW.USER32(?,?,?), ref: 00B56CB6
• _wcslen.LIBCMT ref: 00B56CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: b787d95732fb7cc1cb3537372b83ebab6f10bb474992f8f24ceb3300a1235f4a
• Instruction ID: aa5f0932a1c183afa619c4c1f1cf19352928754739c3672eaaa6d15909a22a1c
• Opcode Fuzzy Hash: b787d95732fb7cc1cb3537372b83ebab6f10bb474992f8f24ceb3300a1235f4a
• Instruction Fuzzy Hash: FB01C432A0052A8BCB219FFDDC80ABF77F5EA6572179009F4EC5297190FB31D948C650
APIs
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
  • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00B51D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: c95d2b3e72520499f1eaecf58e7678d701bca69aaaeae768cc1efc2882d84e89
• Instruction ID: cad2b5aaa9c880aa06790b65322948e2f54d7f7c1bbf7ed7f66f05eb94e70f90
• Opcode Fuzzy Hash: c95d2b3e72520499f1eaecf58e7678d701bca69aaaeae768cc1efc2882d84e89
• Instruction Fuzzy Hash: 6E01B571601218AB8B14EFA4CD51BFF77F8EB46390B0409A9FC22673D1EA71590D8661
APIs
  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
  • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00B51C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 3dc29c58053182f2a213944a256ff7ed2682cf4423db30d429426ee550760529
• Instruction ID: d85b05c38e148be152c27040ac48d816c7eb81fffa3930986978e6bdc014268f
• Opcode Fuzzy Hash: 3dc29c58053182f2a213944a256ff7ed2682cf4423db30d429426ee550760529
• Instruction Fuzzy Hash: 8801A7756811086BCB14EBD4CA51BFF77E8DF11381F1404D9FD0667291EA619E0CC6B2
APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000182,?,00000000), ref: 00B51CC8
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: be58b7efb496015f6b7572f90265d270d5ea638b7bd4034129d7fac973e6c3b6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 4c0591a2b90ec2132fcb13bc36ddfcd0dbf6f61c1704d81475d2516701133cc6
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: be58b7efb496015f6b7572f90265d270d5ea638b7bd4034129d7fac973e6c3b6
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE01A2B16802186BDB14EBA5CB41BFF77E8DB11381F140495BD02B7281EA629F0DC6B2
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                                                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00B51DD3
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: c047d81338f5214c6182756228c9659718826d04e44436995f43173651b71c2a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 5fa00a933364d5a1057e66c3be757eee1c751d5abca714c98540aeec60e634c9
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c047d81338f5214c6182756228c9659718826d04e44436995f43173651b71c2a
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32F0A971A412186BDB14EBE5CD91BFF77F8EB01791F040DA5FD22632D1DA70590C8261
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
                                                                                                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                                                                                                • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                                • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                                • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                                • Opcode ID: 1ce600b5b5749a98808abab341f6bcb3cb2ce1c99818c9743b7a4d5176ea4b4b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction ID: 63e25f6e7738522d8d949fe4cc0798732b3c5be98b685694039089e46b833631
                                                                                                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1ce600b5b5749a98808abab341f6bcb3cb2ce1c99818c9743b7a4d5176ea4b4b
                                                                                                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3DE02B02254220149231127A9CC19BF56C9DFC579075418ABF999C23B6EF948DD293A0
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00B50B23
Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: c8a32199d74fade4aa4dcd7e1d70ccf5591a31467a73a43b7e19c97a95dcc656
• Instruction ID: b9e6ec9d1b9834e274a9b0031832547cfddd36e8f0531e54eaaf60b5cbff45b7
• Opcode Fuzzy Hash: c8a32199d74fade4aa4dcd7e1d70ccf5591a31467a73a43b7e19c97a95dcc656
• Instruction Fuzzy Hash: FDE0487234431926D22437947C43FD97EC4DF05B51F1004E6FB98555E38BE1649047F9
APIs
  • Part of subcall function 00B0F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00B10D71,?,?,?,00AF100A), ref: 00B0F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,00AF100A), ref: 00B10D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00AF100A), ref: 00B10D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00B10D7F
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
• Opcode ID: 6d4bb3d9861707bdb7b166a27bd0a167cda772d0b144706f7870b1224bd3d718
• Instruction ID: 7038be08ca3e321aa67ca69dcba63c076e8c2ef607eeac1d663d305b99497040
• Opcode Fuzzy Hash: 6d4bb3d9861707bdb7b166a27bd0a167cda772d0b144706f7870b1224bd3d718
• Instruction Fuzzy Hash: 6FE065702003418BD330AFBCE4047527FE0AB04745F4049BDE882C7665DBF4E484CBA1
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00B6302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00B63044
Strings
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: b0b95a7ef86248e61b9f6264c73d41566aa7e97d5b62198bd69cc8cb1a5ad05f
• Instruction ID: f72643753fe3a53cff91ecba3b3760e7e719a127fc031da32365b092d2491906
• Opcode Fuzzy Hash: b0b95a7ef86248e61b9f6264c73d41566aa7e97d5b62198bd69cc8cb1a5ad05f
• Instruction Fuzzy Hash: 54D05EB250032867DA20ABA4AC0EFDB3F6CDB04750F0002A1B655E30E1DEF49984CBE0
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B8232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B8233F
  • Part of subcall function 00B5E97B: Sleep.KERNEL32 ref: 00B5E9F3
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: a3e4e276fd8cce0731defa85bd07de4d0412aeb5907e5bbe6067ff7039d9c38b
• Instruction ID: c505e4f905b86fe55b59f1b1b7f34e50e8da46d7157f15a432d50a3bad6d0aae
• Opcode Fuzzy Hash: a3e4e276fd8cce0731defa85bd07de4d0412aeb5907e5bbe6067ff7039d9c38b
• Instruction Fuzzy Hash: 50D0A972380300B7E668A3309C0FFC66A44AB00B00F0009527A05AB0E0CDF0A805CB20
                                                                                                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                                                                                                • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B8236C
                                                                                                                                                                                                                                                                                                                                                                                • PostMessageW.USER32(00000000), ref: 00B82373
                                                                                                                                                                                                                                                                                                                                                                                  • Part of subcall function 00B5E97B: Sleep.KERNEL32 ref: 00B5E9F3
                                                                                                                                                                                                                                                                                                                                                                                Strings
Memory Dump Source
• Source File: 00000000.00000002.2121847790.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
• Associated: 00000000.00000002.2121773026.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2121970719.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122097060.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2122130007.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_af0000_rpDOUhuBC5.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 8e0e632374f1dae579cf5be28e743a8a7ff2b31460c5aaa9c9576b0846c62499
• Instruction ID: 8b1729db3ef5d897aa73bf6e62e8eefef862a6ae35bb07949172548db4d18cda
• Opcode Fuzzy Hash: 8e0e632374f1dae579cf5be28e743a8a7ff2b31460c5aaa9c9576b0846c62499
• Instruction Fuzzy Hash: 0AD0A9723803007BE668A3309C0FFC66A44AB00B00F0009527A01AB0E0CDF0A805CB24
APIs
• MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00B2BE93
• GetLastError.KERNEL32 ref: 00B2BEA1
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B2BEFC
Similarity
• API ID: ByteCharMultiWide$ErrorLast
• String ID:
• API String ID: 1717984340-0
• Opcode ID: 97da4a7e6ebf8634bee297a9b88ae5d708e68b483fba8d68712357438d20000c
• Instruction ID: 6e188df5ef44fd2a8fcd5845aa05276c00aca28e7b6dd7f66b45c95ad3da51ac
• Opcode Fuzzy Hash: 97da4a7e6ebf8634bee297a9b88ae5d708e68b483fba8d68712357438d20000c
• Instruction Fuzzy Hash: 1941B135604226ABCB219F64ED84EBA7BE5EF41320F1541E9F96D972A1DF308D01CB61